Search CVE reports

Toggle filters

91 – 100 of 104 results

CVE-2018-1000802

Medium priority
Fixed

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result...

5 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python2.7 Fixed
python3.4 Not in release
python3.5 Not in release
python3.6 Not affected
python3.7 Not affected
Show less packages

CVE-2018-1061

Low priority

Some fixes available 5 of 8

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

5 affected packages

python3.4, python3.5, python2.7, python3.6, python3.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release
python2.7 Not in release Not affected Not affected Not affected
python3.6 Not in release Not in release Not in release Not affected
python3.7 Not in release Not in release Not in release Not affected
Show less packages

CVE-2018-1060

Low priority

Some fixes available 5 of 8

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

5 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python2.7 Not in release Not affected Not affected Not affected
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Not affected
python3.7 Not in release Not in release Not in release Not affected
Show less packages

CVE-2018-1000117

Medium priority
Not affected

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege....

4 affected packages

python3.4, python3.5, python3.6, python3.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release
python3.6 Not in release Not in release Not affected
python3.7 Not in release Not in release Not affected
Show less packages

CVE-2017-18207

Low priority
Ignored

The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format...

5 affected packages

python2.7, python3.5, python3.4, python3.6, python3.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python2.7 Ignored Ignored Ignored
python3.5 Not in release Not in release Not in release
python3.4 Not in release Not in release Not in release
python3.6 Not in release Not in release Ignored
python3.7 Not in release Not in release Ignored
Show less packages

CVE-2018-1000030

Low priority

Some fixes available 2 of 3

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not...

7 affected packages

python2.6, python2.7, python3.2, python3.4, python3.5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python2.6 Not in release
python2.7 Not affected
python3.2 Not in release
python3.4 Not in release
python3.5 Not in release
python3.6 Not affected
python3.7 Not affected
Show all 7 packages Show less packages

CVE-2017-17522

Medium priority
Ignored

Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted...

8 affected packages

jython, python2.6, python2.7, python3.2, python3.4...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jython Not affected Not affected Not affected
python2.6 Not in release Not in release Not in release
python2.7 Not affected Not affected Not affected
python3.2 Not in release Not in release Not in release
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release
python3.6 Not in release Not in release Not affected
python3.7 Not in release Not in release Not affected
Show all 8 packages Show less packages

CVE-2017-1000158

Medium priority
Fixed

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)

5 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python2.7 Not affected Not affected Not affected
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release
python3.6 Not in release Not in release Not affected
python3.7 Not in release Not in release Not affected
Show less packages

CVE-2016-5699

Medium priority

Some fixes available 4 of 5

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

4 affected packages

python3.4, python3.2, python2.7, python3.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python3.4 Not in release Not in release Not in release
python3.2 Not in release Not in release Not in release
python2.7 Not affected Not affected Not affected
python3.5 Not in release Not in release Not in release
Show less packages

CVE-2016-5636

Medium priority

Some fixes available 7 of 10

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which...

4 affected packages

python3.2, python2.7, python3.4, python3.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python3.2 Not in release Not in release Not in release
python2.7 Not affected Not affected Not affected
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release
Show less packages
  1. Previous page
  2. 7
  3. 8
  4. 9
  5. 10
  6. 11
  7. Next page
Export to JSON