Search CVE reports
21 – 30 of 74 results
CVE-2023-36632
Medium priority** DISPUTED ** The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument...
11 affected packages
python, python2.7, python3.10, python3.11, python3.12...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python | — | Not in release | Not in release | Ignored | Ignored |
python2.7 | — | Not affected | Not affected | Not affected | Not affected |
python3.10 | — | Not affected | Not in release | Not in release | Not in release |
python3.11 | — | Not affected | Not in release | Not in release | Not in release |
python3.12 | — | Not in release | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Not affected |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
python3.8 | — | Not in release | Not affected | Not affected | Not in release |
python3.9 | — | Not in release | Not affected | Not in release | Not in release |
CVE-2023-33595
Medium priorityCPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.
11 affected packages
python, python2.7, python3.10, python3.11, python3.12...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python | — | Not in release | Not in release | Ignored | Ignored |
python2.7 | — | Not affected | Not affected | Not affected | Not affected |
python3.10 | — | Not affected | Not in release | Not in release | Not in release |
python3.11 | — | Not affected | Not in release | Not in release | Not in release |
python3.12 | — | Not in release | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Not affected |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
python3.8 | — | Not in release | Not affected | Not affected | Not in release |
python3.9 | — | Not in release | Not affected | Not in release | Not in release |
CVE-2023-27043
Medium prioritySome fixes available 10 of 21
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker...
11 affected packages
python2.7, python3.10, python3.11, python3.12, python3.13...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Fixed | Fixed | Fixed | Fixed |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.11 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
python3.12 | Fixed | Not in release | Not in release | Not in release | Not in release |
python3.13 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
python3.7 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
python3.8 | Not in release | Not in release | Fixed | Vulnerable | Not in release |
python3.9 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
CVE-2023-24329
Medium prioritySome fixes available 11 of 18
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
9 affected packages
python2.7, python3.10, python3.11, python3.4, python3.5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Vulnerable | Vulnerable | Vulnerable | Fixed |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.11 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Fixed |
python3.6 | — | Not in release | Not in release | Fixed | Not in release |
python3.7 | — | Not in release | Not in release | Fixed | Not in release |
python3.8 | — | Not in release | Fixed | Fixed | Not in release |
python3.9 | — | Not in release | Fixed | Not in release | Not in release |
CVE-2022-45061
Medium prioritySome fixes available 12 of 18
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the...
10 affected packages
python, python2.7, python3.10, python3.11, python3.4...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python | — | Not in release | Not in release | Not in release | Ignored |
python2.7 | Not in release | Needs evaluation | Needs evaluation | Fixed | Fixed |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.11 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Fixed |
python3.6 | — | Not in release | Not in release | Fixed | Not in release |
python3.7 | — | Not in release | Not in release | Fixed | Not in release |
python3.8 | — | Not in release | Fixed | Fixed | Not in release |
python3.9 | — | Not in release | Fixed | Not in release | Not in release |
CVE-2022-42919
High prioritySome fixes available 3 of 5
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles...
9 affected packages
python2.7, python3.10, python3.11, python3.4, python3.5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.11 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Not affected |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
python3.8 | — | Not in release | Not affected | Not affected | Not in release |
python3.9 | — | Not in release | Fixed | Not in release | Not in release |
CVE-2020-10735
Negligible priorityA flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits...
9 affected packages
python, python2.7, python3.10, python3.4, python3.5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python | — | Not in release | Not in release | Not in release | Ignored |
python2.7 | — | Ignored | Ignored | Ignored | Ignored |
python3.10 | — | Ignored | Not in release | Not in release | Ignored |
python3.4 | — | Not in release | Not in release | Not in release | Ignored |
python3.5 | — | Not in release | Not in release | Not in release | Ignored |
python3.6 | — | Not in release | Not in release | Ignored | Ignored |
python3.7 | — | Not in release | Not in release | Ignored | Ignored |
python3.8 | — | Not in release | Ignored | Ignored | Ignored |
python3.9 | — | Not in release | Ignored | Not in release | Ignored |
CVE-2021-28861
Low priority** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is...
9 affected packages
python2.7, python3.10, python3.11, python3.4, python3.5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | Not affected | Not affected | Not affected | Not affected |
python3.10 | — | Fixed | Not in release | Not in release | Not in release |
python3.11 | — | Not affected | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Fixed |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
python3.8 | — | Not in release | Not affected | Not affected | Not in release |
python3.9 | — | Not in release | Fixed | Not in release | Not in release |
CVE-2017-20052
Medium priorityA vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The...
9 affected packages
python, python2.7, python3.10, python3.4, python3.5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python | — | — | — | — | — |
python2.7 | — | Not affected | Not affected | Not affected | Not affected |
python3.10 | — | Not affected | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Not affected |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
python3.8 | — | Not in release | Not affected | Not affected | Not in release |
python3.9 | — | Not in release | Not affected | Not in release | Not in release |
CVE-2015-20107
Low prioritySome fixes available 17 of 18
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that...
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Fixed | Fixed | Fixed | Fixed |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
python3.9 | Not in release | Not in release | Fixed | Not in release | Not in release |