Search CVE reports

41 – 50 of 53 results

Detailed view

Sort by:

CVE-2020-27619

Low priority

Fixed

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

7 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	Not in release	Not affected	Not affected	Not affected	Not affected
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Fixed	Not in release
python3.7	Not in release	Not in release	Not in release	Fixed	Not in release
python3.8	Not in release	Not in release	Fixed	Fixed	Not in release
python3.9	Not in release	Not in release	Not affected	Not in release	Not in release

CVE-2020-26116

Medium priority

Some fixes available 6 of 9

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control...

7 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	Not in release	Not affected	Not affected	Not affected	Not affected
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Fixed	Not in release
python3.7	Not in release	Not in release	Not in release	Fixed	Not in release
python3.8	Not in release	Not in release	Not affected	Fixed	Not in release
python3.9	Not in release	Not in release	Not affected	Not in release	Not in release

CVE-2020-15801

Unknown priority

Not affected

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.

7 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	—	—	Not affected	Not affected	Not affected
python3.4	—	—	Not in release	Not in release	Not in release
python3.5	—	—	Not in release	Not in release	Not affected
python3.6	—	—	Not in release	Not affected	Not in release
python3.7	—	—	Not in release	Not affected	Not in release
python3.8	—	—	Not affected	Not affected	Not in release
python3.9	—	—	Not affected	Not in release	Not in release

CVE-2019-20907

Medium priority

Some fixes available 11 of 17

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

6 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7, python3.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	Not in release	Not affected	Fixed	Fixed	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Fixed	Not in release
python3.7	Not in release	Not in release	Not in release	Fixed	Not in release
python3.8	Not in release	Not in release	Fixed	Fixed	Not in release

CVE-2020-15523

Unknown priority

Not affected

In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because...

2 affected packages

python2.7, python3.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	—	—	Not affected	Not affected	Not affected
python3.8	—	—	Not affected	Not affected	Not in release

CVE-2020-14422

Low priority

Some fixes available 8 of 15

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by...

6 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7, python3.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	Not in release	Not affected	Not affected	Not affected	Not affected
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Fixed	Not in release
python3.7	Not in release	Not in release	Not in release	Fixed	Not in release
python3.8	Not in release	Not in release	Fixed	Fixed	Not in release

CVE-2019-9674

Negligible priority

Some fixes available 9 of 16

Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.

6 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7, python3.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	Not in release	Vulnerable	Fixed	Fixed	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Fixed	Not in release
python3.7	Not in release	Not in release	Not in release	Fixed	Not in release
python3.8	Not in release	Not in release	Not affected	Not affected	Not in release

CVE-2020-8492

Low priority

Some fixes available 13 of 18

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of...

6 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7, python3.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	Not in release	Not affected	Fixed	Fixed	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Fixed	Not in release
python3.7	Not in release	Not in release	Not in release	Fixed	Not in release
python3.8	Not in release	Not in release	Fixed	Fixed	Not in release

CVE-2020-8315

Low priority

Not affected

In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and...

2 affected packages

python3.7, python3.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python3.7	—	—	—	Not affected	Not in release
python3.8	—	—	—	Not affected	Not in release

CVE-2019-18348

Medium priority

Some fixes available 12 of 17

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument...

6 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7, python3.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	Not in release	Not affected	Not affected	Fixed	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Fixed	Not in release
python3.7	Not in release	Not in release	Not in release	Fixed	Not in release
python3.8	Not in release	Not in release	Fixed	Fixed	Not in release

Export to JSON

Results by page: