Search CVE reports
41 – 50 of 69 results
CVE-2020-27619
Low priorityIn Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
7 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
python3.9 | Not in release | Not in release | Not affected | Not in release | Not in release |
CVE-2020-26116
Medium prioritySome fixes available 6 of 9
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control...
7 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.8 | Not in release | Not in release | Not affected | Fixed | Not in release |
python3.9 | Not in release | Not in release | Not affected | Not in release | Not in release |
CVE-2020-15801
Unknown priorityIn Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.
7 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | — | Not affected | Not affected | Not affected |
python3.4 | — | — | Not in release | Not in release | Not in release |
python3.5 | — | — | Not in release | Not in release | Not affected |
python3.6 | — | — | Not in release | Not affected | Not in release |
python3.7 | — | — | Not in release | Not affected | Not in release |
python3.8 | — | — | Not affected | Not affected | Not in release |
python3.9 | — | — | Not affected | Not in release | Not in release |
CVE-2019-20907
Medium prioritySome fixes available 11 of 17
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
6 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7, python3.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Fixed | Fixed | Fixed |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
CVE-2020-14422
Low prioritySome fixes available 8 of 15
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by...
6 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7, python3.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
CVE-2019-9674
Negligible prioritySome fixes available 9 of 16
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.
6 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7, python3.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Vulnerable | Fixed | Fixed | Fixed |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.8 | Not in release | Not in release | Not affected | Not affected | Not in release |
CVE-2020-8492
Low prioritySome fixes available 13 of 18
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of...
6 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7, python3.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Fixed | Fixed | Fixed |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
CVE-2019-18348
Medium prioritySome fixes available 12 of 17
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument...
6 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7, python3.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Fixed | Fixed |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
CVE-2019-17514
Negligible prioritySome fixes available 11 of 22
library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this...
6 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7, python3.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Vulnerable | Fixed | Fixed | Fixed |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
CVE-2019-16935
Low prioritySome fixes available 9 of 10
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python...
6 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7, python3.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Fixed | Fixed |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.8 | Not in release | Not in release | Not affected | Not affected | Not in release |