Vulnerabilities > Python > Python > 3.5.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-14 | CVE-2017-17522 | Injection vulnerability in Python Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
2017-11-17 | CVE-2017-1000158 | Integer Overflow or Wraparound vulnerability in multiple products CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) | 9.8 |
2017-07-25 | CVE-2017-9233 | Infinite Loop vulnerability in multiple products XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. | 7.5 |
2016-09-01 | CVE-2016-2183 | Information Exposure vulnerability in multiple products The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | 7.5 |
2016-06-30 | CVE-2016-4472 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. | 8.1 |
2016-05-26 | CVE-2016-0718 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | 9.8 |