Search CVE reports
1 – 4 of 4 results
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
14 affected packages
jython, pypy3, python2.7, python3.4, python3.5...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jython | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pypy3 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| python2.7 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| python3.4 | Not in release | Not in release | — | — |
| python3.5 | Not in release | Not in release | — | — |
| python3.6 | Not in release | Not in release | — | Needs evaluation |
| python3.7 | Not in release | Not in release | — | Needs evaluation |
| python3.8 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| python3.9 | Not in release | Not in release | Needs evaluation | — |
| python3.10 | Not in release | Needs evaluation | — | — |
| python3.11 | Not in release | Needs evaluation | — | — |
| python3.12 | Needs evaluation | Not in release | — | — |
| python3.13 | Not in release | Not in release | — | — |
| python3.14 | Not in release | Not in release | — | — |
Some fixes available 13 of 24
If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.
13 affected packages
pypy3, python2.7, python3.4, python3.5, python3.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pypy3 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| python2.7 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| python3.4 | Not in release | Not in release | — | — |
| python3.5 | Not in release | Not in release | — | — |
| python3.6 | Not in release | Not in release | — | Fixed |
| python3.7 | Not in release | Not in release | — | Fixed |
| python3.8 | Not in release | Not in release | Fixed | Fixed |
| python3.9 | Not in release | Not in release | Fixed | — |
| python3.10 | Not in release | Fixed | — | — |
| python3.11 | Not in release | Fixed | — | — |
| python3.12 | Fixed | Not in release | — | — |
| python3.13 | Not in release | Not in release | — | — |
| python3.14 | Not in release | Not in release | — | — |
Some fixes available 18 of 24
The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for...
12 affected packages
pypy3, python2.7, python3.4, python3.5, python3.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pypy3 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| python2.7 | Not in release | Fixed | Fixed | Fixed |
| python3.4 | Not in release | Not in release | Not in release | — |
| python3.5 | Not in release | Not in release | Not in release | — |
| python3.6 | Not in release | Not in release | Not in release | Fixed |
| python3.7 | Not in release | Not in release | Not in release | Fixed |
| python3.8 | Not in release | Not in release | Fixed | Fixed |
| python3.9 | Not in release | Not in release | Fixed | — |
| python3.10 | Not in release | Fixed | Not in release | — |
| python3.11 | Not in release | Fixed | Not in release | — |
| python3.12 | Fixed | Not in release | Not in release | — |
| python3.13 | Not in release | Not in release | Not in release | — |
Some fixes available 16 of 20
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the...
13 affected packages
php7.2, php7.4, pypy3, pysha3, php5...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php7.2 | — | Not in release | Not in release | Fixed |
| php7.4 | — | Not in release | Fixed | Not in release |
| pypy3 | Not affected | Fixed | Fixed | Not in release |
| pysha3 | Not in release | Fixed | Fixed | Needs evaluation |
| php5 | — | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Fixed | Not in release | Not in release |
| python3.10 | Not in release | Fixed | Not in release | Not in release |
| python3.6 | — | Not in release | Not in release | Fixed |
| python3.7 | — | Not in release | Not in release | Fixed |
| python3.8 | — | Not in release | Fixed | Fixed |
| python3.9 | — | Not in release | Fixed | Not in release |
| python3.11 | Not in release | Not affected | Not in release | Not in release |