Search CVE reports
21 – 30 of 72 results
CVE-2023-27043
Medium prioritySome fixes available 8 of 21
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker...
11 affected packages
python2.7, python3.10, python3.11, python3.12, python3.13...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Fixed | Fixed | Fixed | Fixed |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.11 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
python3.12 | Fixed | Not in release | Not in release | Not in release | Not in release |
python3.13 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
python3.7 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
python3.8 | Not in release | Not in release | Fixed | Vulnerable | Not in release |
python3.9 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
CVE-2023-24329
Medium prioritySome fixes available 11 of 18
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
9 affected packages
python2.7, python3.10, python3.11, python3.4, python3.5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Vulnerable | Vulnerable | Vulnerable | Fixed |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.11 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Fixed |
python3.6 | — | Not in release | Not in release | Fixed | Not in release |
python3.7 | — | Not in release | Not in release | Fixed | Not in release |
python3.8 | — | Not in release | Fixed | Fixed | Not in release |
python3.9 | — | Not in release | Fixed | Not in release | Not in release |
CVE-2022-45061
Medium prioritySome fixes available 12 of 18
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the...
10 affected packages
python, python2.7, python3.10, python3.11, python3.4...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python | — | Not in release | Not in release | Not in release | Ignored |
python2.7 | Not in release | Needs evaluation | Needs evaluation | Fixed | Fixed |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.11 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Fixed |
python3.6 | — | Not in release | Not in release | Fixed | Not in release |
python3.7 | — | Not in release | Not in release | Fixed | Not in release |
python3.8 | — | Not in release | Fixed | Fixed | Not in release |
python3.9 | — | Not in release | Fixed | Not in release | Not in release |
CVE-2022-42919
High prioritySome fixes available 3 of 5
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles...
9 affected packages
python2.7, python3.10, python3.11, python3.4, python3.5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.11 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Not affected |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
python3.8 | — | Not in release | Not affected | Not affected | Not in release |
python3.9 | — | Not in release | Fixed | Not in release | Not in release |
CVE-2020-10735
Negligible priorityA flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits...
9 affected packages
python, python2.7, python3.10, python3.4, python3.5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python | — | Not in release | Not in release | Not in release | Ignored |
python2.7 | — | Ignored | Ignored | Ignored | Ignored |
python3.10 | — | Ignored | Not in release | Not in release | Ignored |
python3.4 | — | Not in release | Not in release | Not in release | Ignored |
python3.5 | — | Not in release | Not in release | Not in release | Ignored |
python3.6 | — | Not in release | Not in release | Ignored | Ignored |
python3.7 | — | Not in release | Not in release | Ignored | Ignored |
python3.8 | — | Not in release | Ignored | Ignored | Ignored |
python3.9 | — | Not in release | Ignored | Not in release | Ignored |
CVE-2021-28861
Low priority** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is...
9 affected packages
python2.7, python3.10, python3.11, python3.4, python3.5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | Not affected | Not affected | Not affected | Not affected |
python3.10 | — | Fixed | Not in release | Not in release | Not in release |
python3.11 | — | Not affected | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Fixed |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
python3.8 | — | Not in release | Not affected | Not affected | Not in release |
python3.9 | — | Not in release | Fixed | Not in release | Not in release |
CVE-2017-20052
Medium priorityA vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The...
9 affected packages
python, python2.7, python3.10, python3.4, python3.5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python | — | — | — | — | — |
python2.7 | — | Not affected | Not affected | Not affected | Not affected |
python3.10 | — | Not affected | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Not affected |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
python3.8 | — | Not in release | Not affected | Not affected | Not in release |
python3.9 | — | Not in release | Not affected | Not in release | Not in release |
CVE-2015-20107
Low prioritySome fixes available 17 of 18
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that...
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Fixed | Fixed | Fixed | Fixed |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
python3.9 | Not in release | Not in release | Fixed | Not in release | Not in release |
CVE-2022-26488
Medium priorityIn Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit,...
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | Not affected | Not affected | Not affected | Not affected |
python3.10 | — | Not affected | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Not affected |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
python3.8 | — | Not in release | Not affected | Not affected | Not in release |
python3.9 | — | Not in release | Not affected | Not in release | Not in release |
CVE-2022-0391
Medium prioritySome fixes available 12 of 14
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows...
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Fixed | Fixed | Fixed | Fixed |
python3.10 | Not in release | Not affected | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
python3.9 | Not in release | Not in release | Not affected | Not in release | Ignored |