3.5.2

DATE	CVE	VULNERABILITY TITLE	RISK
2017-12-14	CVE-2017-17522	Injection vulnerability in Python Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. network low complexity python CWE-74	8.8
2017-11-17	CVE-2017-1000158	Integer Overflow or Wraparound vulnerability in multiple products CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) network low complexity python debian CWE-190 critical	9.8
2017-07-25	CVE-2017-9233	Infinite Loop vulnerability in multiple products XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. network low complexity libexpat-project python debian CWE-835	7.5
2016-09-01	CVE-2016-2183	Information Exposure vulnerability in multiple products The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. network low complexity redhat python cisco openssl oracle nodejs CWE-200	7.5
2016-06-30	CVE-2016-4472	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. network high complexity libexpat-project canonical mcafee python CWE-119	8.1
2016-05-26	CVE-2016-0718	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. network low complexity mozilla apple suse opensuse canonical libexpat-project debian mcafee python CWE-119 critical	9.8