CVE search results

71 – 79 of 79 results

Detailed view

Sort by:

CVE-2018-1000030

Low priority

Some fixes available 2 of 3

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not...

7 affected packages

python2.6, python2.7, python3.2, python3.4, python3.5...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.6	—	—	—	Not in release
python2.7	—	—	—	Not affected
python3.2	—	—	—	Not in release
python3.4	—	—	—	Not in release
python3.5	—	—	—	Not in release
python3.6	—	—	—	Not affected
python3.7	—	—	—	Not affected

CVE-2017-17522

Medium priority

Ignored

** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct...

8 affected packages

jython, python2.6, python2.7, python3.2, python3.4...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
jython	—	Not affected	Not affected	Not affected
python2.6	—	Not in release	Not in release	Not in release
python2.7	—	Not affected	Not affected	Not affected
python3.2	—	Not in release	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release
python3.6	—	Not in release	Not in release	Not affected
python3.7	—	Not in release	Not in release	Not affected

CVE-2017-1000158

Medium priority

Fixed

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)

5 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	—	Not affected	Not affected	Not affected
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release
python3.6	—	Not in release	Not in release	Not affected
python3.7	—	Not in release	Not in release	Not affected

CVE-2016-5699

Medium priority

Some fixes available 4 of 5

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

4 affected packages

python2.7, python3.2, python3.4, python3.5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	—	Not affected	Not affected	Not affected
python3.2	—	Not in release	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release

CVE-2016-5636

Medium priority

Some fixes available 7 of 10

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which...

4 affected packages

python2.7, python3.2, python3.4, python3.5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	—	Not affected	Not affected	Not affected
python3.2	—	Not in release	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release

CVE-2016-0772

Medium priority

Some fixes available 7 of 10

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by...

4 affected packages

python2.7, python3.2, python3.4, python3.5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	—	Not affected	Not affected	Not affected
python3.2	—	Not in release	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release

CVE-2016-1000110

Medium priority

Some fixes available 7 of 10

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

4 affected packages

python2.7, python3.2, python3.4, python3.5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	—	Not affected	Not affected	Not affected
python3.2	—	Not in release	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release

CVE-2015-5652

Low priority

Not affected

Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was...

4 affected packages

python2.7, python3.2, python3.4, python3.5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	—	—	—	Not affected
python3.2	—	—	—	—
python3.4	—	—	—	Not in release
python3.5	—	—	—	Not in release

CVE-2007-4559

Medium priority

Some fixes available 2 of 30

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR...

16 affected packages

python2.3, python2.4, python2.5, python2.6, python2.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.3	—	—	—	—
python2.4	—	—	—	—
python2.5	—	—	—	—
python2.6	—	—	—	—
python2.7	—	Ignored	Ignored	Ignored
python3.0	—	—	—	—
python3.1	—	—	—	—
python3.10	—	Fixed	Not in release	Not in release
python3.11	—	Ignored	Not in release	Not in release
python3.12	—	Not in release	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release
python3.6	—	Not in release	Not in release	Ignored
python3.7	—	Not in release	Not in release	Ignored
python3.8	—	Not in release	Ignored	Ignored
python3.9	—	Not in release	Ignored	Not in release

Export to JSON

Results by page:

Search CVE reports