Search CVE reports
61 – 70 of 72 results
CVE-2019-5010
Low prioritySome fixes available 7 of 8
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service....
5 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Fixed | Fixed |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2018-20406
Low priorityModules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the...
5 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2018-14647
Medium priorityPython's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would...
5 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Fixed | Fixed |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
CVE-2018-1000802
Medium priorityPython Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result...
5 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | — | — | Fixed | Fixed |
python3.4 | — | — | — | Not in release | Not in release |
python3.5 | — | — | — | Not in release | Not affected |
python3.6 | — | — | — | Not affected | Not in release |
python3.7 | — | — | — | Not affected | Not in release |
CVE-2018-1061
Low prioritySome fixes available 5 of 8
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
5 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Not affected | Fixed |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.7 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2018-1060
Low prioritySome fixes available 5 of 8
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
5 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Not affected | Fixed |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.7 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2018-1000117
Medium priorityPython Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege....
4 affected packages
python3.4, python3.5, python3.6, python3.7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Not affected |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2017-18207
Low priority** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted...
5 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | Ignored | Ignored | Ignored | Ignored |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Ignored |
python3.6 | — | Not in release | Not in release | Ignored | Not in release |
python3.7 | — | Not in release | Not in release | Ignored | Not in release |
CVE-2018-1000030
Low prioritySome fixes available 2 of 3
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not...
7 affected packages
python2.6, python2.7, python3.2, python3.4, python3.5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.6 | — | — | — | Not in release | Not in release |
python2.7 | — | — | — | Not affected | Fixed |
python3.2 | — | — | — | Not in release | Not in release |
python3.4 | — | — | — | Not in release | Not in release |
python3.5 | — | — | — | Not in release | Not affected |
python3.6 | — | — | — | Not affected | Not in release |
python3.7 | — | — | — | Not affected | Not in release |
CVE-2017-17522
Medium priority** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct...
8 affected packages
jython, python2.6, python2.7, python3.2, python3.4...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jython | — | Not affected | Not affected | Not affected | Not affected |
python2.6 | — | Not in release | Not in release | Not in release | Not in release |
python2.7 | — | Not affected | Not affected | Not affected | Not affected |
python3.2 | — | Not in release | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Not affected |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |