Search CVE reports

31 – 40 of 57 results

Detailed view

Sort by:

CVE-2023-27043

Medium priority

Some fixes available 10 of 21

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker...

11 affected packages

python3.10, python3.11, python3.8, python2.7, python3.4...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python3.10	Not in release	Fixed	Not in release	Not in release
python3.11	Not in release	Vulnerable	Not in release	Not in release
python3.8	Not in release	Not in release	Fixed	Vulnerable
python2.7	Not in release	Fixed	Fixed	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Vulnerable
python3.7	Not in release	Not in release	Not in release	Vulnerable
python3.9	Not in release	Not in release	Vulnerable	Not in release
python3.12	Fixed	Not in release	Not in release	Not in release
python3.13	Not in release	Not in release	Not in release	Not in release

CVE-2023-24329

Medium priority

Some fixes available 15 of 18

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

9 affected packages

python3.11, python2.7, python3.10, python3.4, python3.5...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python3.11	Not in release	Fixed	Not in release	Not in release
python2.7	Not in release	Fixed	Fixed	Fixed
python3.10	Not in release	Fixed	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release
python3.6	—	Not in release	Not in release	Fixed
python3.7	—	Not in release	Not in release	Fixed
python3.8	—	Not in release	Fixed	Fixed
python3.9	—	Not in release	Fixed	Not in release

CVE-2022-48566

Medium priority

Some fixes available 10 of 12

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

11 affected packages

python, python2.7, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python	Not in release	Not in release	Not in release	Ignored
python2.7	Not in release	Fixed	Fixed	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Fixed
python3.8	Not in release	Not in release	Fixed	Fixed
python3.9	Not in release	Not in release	Not affected	Not in release
python3.10	Not in release	Not affected	Not in release	Not in release
python3.11	Not in release	Not affected	Not in release	Not in release
python3.12	Not affected	Not in release	Not in release	Not in release

CVE-2022-48565

Medium priority

Some fixes available 11 of 12

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

11 affected packages

python, python2.7, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python	Not in release	Not in release	Not in release	Ignored
python2.7	Not in release	Fixed	Fixed	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Fixed
python3.8	Not in release	Not in release	Not affected	Fixed
python3.9	Not in release	Not in release	Fixed	Not in release
python3.10	Not in release	Not affected	Not in release	Not in release
python3.11	Not in release	Not affected	Not in release	Not in release
python3.12	Not affected	Not in release	Not in release	Not in release

CVE-2022-48564

Medium priority

Some fixes available 8 of 11

read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

11 affected packages

python, python2.7, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python	Not in release	Not in release	Not in release	Ignored
python2.7	Not in release	Needs evaluation	Needs evaluation	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Fixed
python3.8	Not in release	Not in release	Not affected	Fixed
python3.9	Not in release	Not in release	Not affected	Not in release
python3.10	Not in release	Not affected	Not in release	Not in release
python3.11	Not in release	Not affected	Not in release	Not in release
python3.12	Not affected	Not in release	Not in release	Not in release

CVE-2022-48560

Medium priority

Some fixes available 10 of 11

A use-after-free exists in Python through 3.9 via heappushpop in heapq.

11 affected packages

python, python2.7, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python	Not in release	Not in release	Not in release	Ignored
python2.7	Not in release	Fixed	Fixed	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Fixed
python3.8	Not in release	Not in release	Not affected	Fixed
python3.9	Not in release	Not in release	Not affected	Not in release
python3.10	Not in release	Not affected	Not in release	Not in release
python3.11	Not in release	Not affected	Not in release	Not in release
python3.12	Not affected	Not in release	Not in release	Not in release

CVE-2022-45061

Medium priority

Some fixes available 15 of 18

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the...

10 affected packages

python2.7, python, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Fixed	Fixed	Fixed
python	—	Not in release	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release
python3.6	—	Not in release	Not in release	Fixed
python3.7	—	Not in release	Not in release	Fixed
python3.8	—	Not in release	Fixed	Fixed
python3.9	—	Not in release	Fixed	Not in release
python3.11	Not in release	Fixed	Not in release	Not in release
python3.10	Not in release	Fixed	Not in release	Not in release

CVE-2022-42919

High priority

Some fixes available 4 of 5

Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles...

9 affected packages

python2.7, python3.5, python3.6, python3.9, python3.10...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Not affected	Not affected	Not affected
python3.5	—	Not in release	Not in release	Not in release
python3.6	—	Not in release	Not in release	Not affected
python3.9	—	Not in release	Fixed	Not in release
python3.10	Not in release	Fixed	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.7	—	Not in release	Not in release	Not affected
python3.8	—	Not in release	Not affected	Not affected
python3.11	Not in release	Fixed	Not in release	Not in release

CVE-2022-37454

Medium priority

Some fixes available 16 of 20

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the...

13 affected packages

php7.2, php7.4, pypy3, pysha3, php5...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php7.2	—	Not in release	Not in release	Fixed
php7.4	—	Not in release	Fixed	Not in release
pypy3	Not affected	Fixed	Fixed	Not in release
pysha3	Not in release	Fixed	Fixed	Needs evaluation
php5	—	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release
php8.1	Not in release	Fixed	Not in release	Not in release
python3.10	Not in release	Fixed	Not in release	Not in release
python3.6	—	Not in release	Not in release	Fixed
python3.7	—	Not in release	Not in release	Fixed
python3.8	—	Not in release	Fixed	Fixed
python3.9	—	Not in release	Fixed	Not in release
python3.11	Not in release	Not affected	Not in release	Not in release

CVE-2022-26488

Medium priority

Not affected

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit,...

8 affected packages

python2.7, python3.10, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	—	Not affected	Not affected	Not affected
python3.10	—	Not affected	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release
python3.6	—	Not in release	Not in release	Not affected
python3.7	—	Not in release	Not in release	Not affected
python3.8	—	Not in release	Not affected	Not affected
python3.9	—	Not in release	Not affected	Not in release

Export to JSON

Results by page: