Search CVE reports

Toggle filters

41 – 45 of 45 results

CVE-2021-3733

Medium priority
Fixed

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during...

7 affected packages

python3.10, python3.4, python3.5, python3.6, python3.7...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python3.10 Not in release Not affected Not in release Not in release Ignored
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Fixed
python3.6 Not in release Not in release Not in release Fixed Ignored
python3.7 Not in release Not in release Not in release Fixed Ignored
python3.8 Not in release Not in release Fixed Fixed Ignored
python3.9 Not in release Not in release Fixed Not in release Ignored
Show all 7 packages Show less packages

CVE-2021-3737

Medium priority

Some fixes available 9 of 10

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The...

7 affected packages

python3.10, python3.4, python3.5, python3.6, python3.7...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python3.10 Not in release Not affected Not in release Not in release Ignored
python3.4 Not in release Not in release Not in release Not in release Ignored
python3.5 Not in release Not in release Not in release Not in release Fixed
python3.6 Not in release Not in release Not in release Fixed Ignored
python3.7 Not in release Not in release Not in release Fixed Ignored
python3.8 Not in release Not in release Fixed Fixed Ignored
python3.9 Not in release Not in release Fixed Not in release Ignored
Show all 7 packages Show less packages

CVE-2021-3426

Low priority

Some fixes available 10 of 11

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information...

8 affected packages

python2.7, python3.10, python3.4, python3.5, python3.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not in release Not affected Not affected Not affected Not affected
python3.10 Not in release Not affected Not in release Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Fixed
python3.6 Not in release Not in release Not in release Fixed Not in release
python3.7 Not in release Not in release Not in release Fixed Not in release
python3.8 Not in release Not in release Not affected Fixed Not in release
python3.9 Not in release Not in release Fixed Not in release Not in release
Show all 8 packages Show less packages

CVE-2021-29921

Medium priority
Fixed

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

8 affected packages

python2.7, python3.10, python3.4, python3.5, python3.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not in release Not affected Not affected Not affected Not affected
python3.10 Not in release Not affected Not in release Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Not affected
python3.6 Not in release Not in release Not in release Not affected Not in release
python3.7 Not in release Not in release Not in release Not affected Not in release
python3.8 Not in release Not in release Fixed Fixed Not in release
python3.9 Not in release Not in release Fixed Not in release Not in release
Show all 8 packages Show less packages

CVE-2007-4559

Medium priority

Some fixes available 2 of 30

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR...

16 affected packages

python2.3, python2.4, python2.5, python2.6, python2.7...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.3
python2.4
python2.5
python2.6
python2.7 Ignored Ignored Ignored Ignored
python3.0
python3.1
python3.10 Fixed Not in release Not in release Not in release
python3.11 Ignored Not in release Not in release Not in release
python3.12 Not in release Not in release Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Ignored
python3.6 Not in release Not in release Ignored Not in release
python3.7 Not in release Not in release Ignored Not in release
python3.8 Not in release Ignored Ignored Not in release
python3.9 Not in release Ignored Not in release Not in release
Show all 16 packages Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON