Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

41 – 50 of 73 results


CVE-2020-26116

Medium priority

Some fixes available 6 of 9

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control...

7 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not in release Not affected Not affected Not affected Not affected
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Fixed
python3.6 Not in release Not in release Not in release Fixed Not in release
python3.7 Not in release Not in release Not in release Fixed Not in release
python3.8 Not in release Not in release Not affected Fixed Not in release
python3.9 Not in release Not in release Not affected Not in release Not in release
Show all 7 packages Show less packages

CVE-2020-15801

Unknown priority
Not affected

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.

7 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not affected Not affected Not affected
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not affected
python3.6 Not in release Not affected Not in release
python3.7 Not in release Not affected Not in release
python3.8 Not affected Not affected Not in release
python3.9 Not affected Not in release Not in release
Show all 7 packages Show less packages

CVE-2019-20907

Medium priority

Some fixes available 11 of 17

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

6 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7, python3.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not in release Not affected Fixed Fixed Fixed
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Fixed
python3.6 Not in release Not in release Not in release Fixed Not in release
python3.7 Not in release Not in release Not in release Fixed Not in release
python3.8 Not in release Not in release Fixed Fixed Not in release
Show less packages

CVE-2020-14422

Low priority

Some fixes available 8 of 15

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by...

6 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7, python3.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not in release Not affected Not affected Not affected Not affected
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Fixed
python3.6 Not in release Not in release Not in release Fixed Not in release
python3.7 Not in release Not in release Not in release Fixed Not in release
python3.8 Not in release Not in release Fixed Fixed Not in release
Show less packages

CVE-2019-9674

Negligible priority

Some fixes available 9 of 16

Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.

6 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7, python3.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not in release Vulnerable Fixed Fixed Fixed
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Fixed
python3.6 Not in release Not in release Not in release Fixed Not in release
python3.7 Not in release Not in release Not in release Fixed Not in release
python3.8 Not in release Not in release Not affected Not affected Not in release
Show less packages

CVE-2020-8492

Low priority

Some fixes available 13 of 18

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of...

6 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7, python3.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not in release Not affected Fixed Fixed Fixed
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Fixed
python3.6 Not in release Not in release Not in release Fixed Not in release
python3.7 Not in release Not in release Not in release Fixed Not in release
python3.8 Not in release Not in release Fixed Fixed Not in release
Show less packages

CVE-2019-18348

Medium priority

Some fixes available 12 of 17

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument...

6 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7, python3.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not in release Not affected Not affected Fixed Fixed
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Fixed
python3.6 Not in release Not in release Not in release Fixed Not in release
python3.7 Not in release Not in release Not in release Fixed Not in release
python3.8 Not in release Not in release Fixed Fixed Not in release
Show less packages

CVE-2019-17514

Negligible priority

Some fixes available 11 of 22

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this...

6 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7, python3.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not in release Vulnerable Fixed Fixed Fixed
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Fixed
python3.6 Not in release Not in release Not in release Fixed Not in release
python3.7 Not in release Not in release Not in release Fixed Not in release
python3.8 Not in release Not in release Fixed Fixed Not in release
Show less packages

CVE-2019-16935

Low priority

Some fixes available 9 of 10

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python...

6 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7, python3.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not in release Not affected Not affected Fixed Fixed
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Fixed
python3.6 Not in release Not in release Not in release Fixed Not in release
python3.7 Not in release Not in release Not in release Not affected Not in release
python3.8 Not in release Not in release Not affected Not affected Not in release
Show less packages

CVE-2019-16056

Medium priority
Fixed

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the...

5 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not in release Not affected Not affected Fixed Fixed
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Fixed
python3.6 Not in release Not in release Not in release Fixed Not in release
python3.7 Not in release Not in release Not in release Not affected Not in release
Show less packages