Search CVE reports
61 – 68 of 68 results
Some fixes available 13 of 16
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
7 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.3 | — | — | — | — |
Some fixes available 9 of 12
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a...
6 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1, python3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
Some fixes available 4 of 7
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection,...
6 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1, python3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the...
4 affected packages
python3.2, python2.6, python2.7, python3.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python3.2 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
Some fixes available 4 of 11
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application...
6 affected packages
python3.1, python2.4, python2.5, python2.6, python2.7, python3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python3.1 | — | — | — | — |
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.2 | — | — | — | — |
Some fixes available 4 of 11
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to...
6 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1, python3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
Some fixes available 4 of 14
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which...
6 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1, python3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
Some fixes available 2 of 28
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR...
16 affected packages
python2.3, python2.4, python2.5, python2.6, python3.0...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.3 | — | — | — | — |
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python3.0 | — | — | — | — |
| python3.1 | — | — | — | — |
| python2.7 | — | Ignored | Not in release | Ignored |
| python3.4 | — | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release |
| python3.6 | — | Not in release | Not in release | Ignored |
| python3.7 | — | Not in release | Not in release | Ignored |
| python3.8 | — | Not in release | Ignored | Ignored |
| python3.9 | — | Not in release | Not in release | Not in release |
| python3.10 | — | Fixed | Not in release | Not in release |
| python3.11 | — | Ignored | Not in release | Not in release |
| python3.12 | — | Not in release | Not in release | Not in release |