2.7.9

DATE	CVE	VULNERABILITY TITLE	RISK
2016-09-02	CVE-2016-5636	Integer Overflow or Wraparound vulnerability in Python Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. network low complexity python CWE-190 critical	10.0
2016-09-02	CVE-2016-0772	Protection Mechanism Failure vulnerability in Python The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." network python CWE-693	5.8
2016-09-01	CVE-2016-2183	Information Exposure vulnerability in multiple products The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. network low complexity redhat python cisco openssl oracle nodejs CWE-200	7.5
2016-06-30	CVE-2016-4472	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. network high complexity libexpat-project canonical mcafee python CWE-119	8.1
2016-05-26	CVE-2016-0718	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. network low complexity mozilla apple suse opensuse canonical libexpat-project debian mcafee python CWE-119 critical	9.8
2015-10-06	CVE-2015-5652	Remote Code Execution vulnerability in Python DLL Loading 'readline.pyd' Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. local low complexity python microsoft	7.2