Search CVE reports

51 – 60 of 82 results

Detailed view

Sort by:

CVE-2020-8492

Low priority

Some fixes available 13 of 18

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of...

6 affected packages

python3.4, python3.5, python3.6, python3.7, python3.8, python2.7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Fixed
python3.8	Not in release	Not in release	Fixed	Fixed
python2.7	Not in release	Not affected	Fixed	Fixed

CVE-2020-27619

Low priority

Fixed

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

7 affected packages

python3.9, python2.7, python3.8, python3.4, python3.5...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python3.9	Not in release	Not in release	Not affected	Not in release
python2.7	Not in release	Not affected	Not affected	Not affected
python3.8	Not in release	Not in release	Fixed	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Fixed

CVE-2020-26116

Medium priority

Some fixes available 6 of 9

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control...

7 affected packages

python3.9, python2.7, python3.8, python3.7, python3.4...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python3.9	Not in release	Not in release	Not affected	Not in release
python2.7	Not in release	Not affected	Not affected	Not affected
python3.8	Not in release	Not in release	Not affected	Fixed
python3.7	Not in release	Not in release	Not in release	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Fixed

CVE-2020-15801

Medium priority

Not affected

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.

7 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	—	—	Not affected	Not affected
python3.4	—	—	Not in release	Not in release
python3.5	—	—	Not in release	Not in release
python3.6	—	—	Not in release	Not affected
python3.7	—	—	Not in release	Not affected
python3.8	—	—	Not affected	Not affected
python3.9	—	—	Not affected	Not in release

CVE-2020-14422

Low priority

Some fixes available 8 of 15

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by...

6 affected packages

python2.7, python3.4, python3.8, python3.5, python3.6, python3.7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Not affected	Not affected	Not affected
python3.4	Not in release	Not in release	Not in release	Not in release
python3.8	Not in release	Not in release	Fixed	Fixed
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Fixed

CVE-2020-10735

Negligible priority

Ignored

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits...

9 affected packages

python2.7, python3.10, python, python3.4, python3.5...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	—	Ignored	Ignored	Ignored
python3.10	—	Ignored	Not in release	Not in release
python	—	Not in release	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release
python3.6	—	Not in release	Not in release	Ignored
python3.7	—	Not in release	Not in release	Ignored
python3.8	—	Not in release	Ignored	Ignored
python3.9	—	Not in release	Ignored	Not in release

CVE-2019-9948

Medium priority

Some fixes available 9 of 11

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering...

5 affected packages

python3.5, python3.6, python2.7, python3.7, python3.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Fixed
python2.7	Not in release	Not affected	Not affected	Fixed
python3.7	Not in release	Not in release	Not in release	Not affected
python3.4	Not in release	Not in release	Not in release	Not in release

CVE-2019-9947

Medium priority

Some fixes available 9 of 12

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument...

5 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Not affected	Not affected	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Not affected

CVE-2019-9740

Medium priority

Some fixes available 9 of 12

5 affected packages

python3.4, python3.5, python2.7, python3.6, python3.7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python2.7	Not in release	Not affected	Not affected	Fixed
python3.6	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Not affected

CVE-2019-9674

Negligible priority

Some fixes available 10 of 16

Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.

6 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7, python3.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Fixed	Fixed	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Fixed
python3.8	Not in release	Not in release	Not affected	Not affected

Export to JSON

Results by page: