Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 25 results


CVE-2018-1000030

Low priority

Some fixes available 2 of 3

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not...

7 affected packages

python2.6, python2.7, python3.2, python3.4, python3.5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.6 Not in release Not in release
python2.7 Not affected Fixed
python3.2 Not in release Not in release
python3.4 Not in release Not in release
python3.5 Not in release Not affected
python3.6 Not affected Not in release
python3.7 Not affected Not in release
Show all 7 packages Show less packages

CVE-2017-17522

Medium priority
Ignored

** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct...

8 affected packages

jython, python2.6, python2.7, python3.2, python3.4...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jython Not affected Not affected Not affected Not affected
python2.6 Not in release Not in release Not in release Not in release
python2.7 Not affected Not affected Not affected Not affected
python3.2 Not in release Not in release Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not affected
python3.6 Not in release Not in release Not affected Not in release
python3.7 Not in release Not in release Not affected Not in release
Show all 8 packages Show less packages

CVE-2013-7040

Low priority
Ignored

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for...

5 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.6
python2.7
python3.1
python3.2
python3.3
Show less packages

CVE-2013-7338

Low priority
Ignored

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3)...

6 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3, python3.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.6
python2.7
python3.1
python3.2
python3.3
python3.4
Show less packages

CVE-2014-1912

Medium priority

Some fixes available 8 of 9

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

6 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3, python3.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.6
python2.7
python3.1
python3.2
python3.3
python3.4
Show less packages

CVE-2013-0340

Medium priority
Ignored

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption),...

40 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2
apr-util
audacity
ayttm
cableswig
cadaver
celementtree
cmake
coin3
expat
gdcm
ghostscript
grmonitor
insighttoolkit
kompozer
libparagui1.1
matanza
paraview
poco
python-xml
python2.4
python2.5
python2.6
simgear
sitecopy
smart
swish-e
tdom
texlive-bin
tla
vnc4
vtk
w3c-libwww
wbxml2
wxwidgets2.6
wxwidgets2.8
wxwindows2.4
xmlrpc-c
xotcl
xulrunner
Show all 40 packages Show less packages

CVE-2013-4238

Medium priority

Some fixes available 8 of 9

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...

5 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.6
python2.7
python3.1
python3.2
python3.3
Show less packages

CVE-2011-4944

Low priority

Some fixes available 13 of 16

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.

7 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.4
python2.5
python2.6
python2.7
python3.1
python3.2
python3.3
Show all 7 packages Show less packages

CVE-2012-1147

Low priority
Ignored

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

40 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Ignored Ignored
apr-util Ignored Ignored
audacity Not affected Not affected
ayttm Not in release Not affected
cableswig Not in release Not affected
cadaver Not affected Not affected
celementtree Not in release Not in release
cmake Ignored Ignored
coin3 Not affected Not affected
expat Not affected Not affected
gdcm Not affected Not affected
ghostscript Ignored Ignored
grmonitor Not in release Not in release
insighttoolkit Not in release Not affected
kompozer Not in release Not in release
libparagui1.1 Not in release Not in release
matanza Not affected Not affected
paraview Not affected Not affected
poco Not affected Not affected
python-xml Not in release Not in release
python2.4 Not in release Not in release
python2.5 Not in release Not in release
python2.6 Not in release Not in release
simgear Not affected Not affected
sitecopy Not affected Not affected
smart Ignored Ignored
swish-e Not affected Not affected
tdom Not affected Not affected
texlive-bin Ignored Ignored
tla Not affected Not affected
vnc4 Ignored Ignored
vtk Not in release Not affected
w3c-libwww Not in release Not in release
wbxml2 Not affected Not affected
wxwidgets2.6 Not in release Not in release
wxwidgets2.8 Not in release Not in release
wxwindows2.4 Not in release Not in release
xmlrpc-c Ignored Ignored
xotcl Not affected Not affected
xulrunner Not in release Not in release
Show all 40 packages Show less packages

CVE-2012-1148

Low priority

Some fixes available 40 of 398

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause...

41 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
audacity Needs evaluation Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Vulnerable
cableswig Not in release Not in release Not in release Not in release Vulnerable
cadaver Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
celementtree Not in release Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Vulnerable Vulnerable
expat Not affected Not affected Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
grmonitor Not in release Not in release Not in release Not in release Not in release
insighttoolkit Not in release Not in release Not in release Not in release Vulnerable
kompozer Not in release Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release Not in release
libxmltok Vulnerable Fixed Fixed Fixed Fixed
matanza Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
paraview Not affected Not affected Not affected Not affected Not affected
poco Not affected Not affected Not affected Not affected Not affected
python-xml Not in release Not in release Not in release Not in release Not in release
python2.4 Not in release Not in release Not in release Not in release Not in release
python2.5 Not in release Not in release Not in release Not in release Not in release
python2.6 Not in release Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not affected Not affected
swish-e Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
tdom Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Ignored Ignored
vtk Not in release Not in release Not in release Not in release Not affected
w3c-libwww Not in release Not in release Not in release Not in release Not in release
wbxml2 Not affected Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release Not in release
wxwidgets2.8 Not in release Not in release Not in release Not in release Not in release
wxwindows2.4 Not in release Not in release Not in release Not in release Not in release
xmlrpc-c Fixed Fixed Fixed Fixed Fixed
xotcl Not affected Not affected Not affected Not affected Not affected
xulrunner Not in release Not in release Not in release Not in release Not in release
Show all 41 packages Show less packages