Search CVE reports
41 – 45 of 45 results
CVE-2021-3177
Medium prioritySome fixes available 14 of 15
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by...
7 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not affected | Fixed | Fixed | Fixed |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
| python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
| python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
| python3.9 | Not in release | Not in release | Fixed | Not in release | Not in release |
CVE-2020-27619
Low priorityIn Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
7 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
| python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
| python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
| python3.9 | Not in release | Not in release | Not affected | Not in release | Not in release |
CVE-2020-26116
Medium prioritySome fixes available 6 of 9
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control...
7 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
| python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
| python3.8 | Not in release | Not in release | Not affected | Fixed | Not in release |
| python3.9 | Not in release | Not in release | Not affected | Not in release | Not in release |
CVE-2020-15801
Unknown priorityIn Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.
7 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | — | Not affected | Not affected | Not affected |
| python3.4 | — | — | Not in release | Not in release | Not in release |
| python3.5 | — | — | Not in release | Not in release | Not affected |
| python3.6 | — | — | Not in release | Not affected | Not in release |
| python3.7 | — | — | Not in release | Not affected | Not in release |
| python3.8 | — | — | Not affected | Not affected | Not in release |
| python3.9 | — | — | Not affected | Not in release | Not in release |
CVE-2007-4559
Medium prioritySome fixes available 2 of 30
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR...
16 affected packages
python2.3, python2.4, python2.5, python2.6, python2.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.3 | — | — | — | — | — |
| python2.4 | — | — | — | — | — |
| python2.5 | — | — | — | — | — |
| python2.6 | — | — | — | — | — |
| python2.7 | — | Ignored | Ignored | Ignored | Ignored |
| python3.0 | — | — | — | — | — |
| python3.1 | — | — | — | — | — |
| python3.10 | — | Fixed | Not in release | Not in release | Not in release |
| python3.11 | — | Ignored | Not in release | Not in release | Not in release |
| python3.12 | — | Not in release | Not in release | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release | Ignored |
| python3.6 | — | Not in release | Not in release | Ignored | Not in release |
| python3.7 | — | Not in release | Not in release | Ignored | Not in release |
| python3.8 | — | Not in release | Ignored | Ignored | Not in release |
| python3.9 | — | Not in release | Ignored | Not in release | Not in release |