Security vulnerabilities

Total: 48 vulnerabilities.

| Vulnerability | Disclosure | Fixed In | Vulnerable |
|---|---|---|---|
| Expat 2.2.3 | 2017-07-17 | 2.7.14, 3.3.7, 3.6.3 | 3.4, 3.5 |
| Environment variables injection in subprocess on Windows | 2017-06-22 | 2.7.14, 3.3.7, 3.4.7, 3.5.4, 3.6.2 | |
| CVE-2017-9233: Expat 2.2.1 | 2017-06-17 | 2.7.14, 3.3.7, 3.4.7, 3.5.4, 3.6.2 | |
| bpo-30500: urllib connects to a wrong host | 2017-05-29 | 2.7.14, 3.3.7, 3.4.7, 3.5.4, 3.6.2 | |
| urllib FTP protocol stream injection | 2017-02-20 | 2.7.14, 3.3.7, 3.4.7, 3.5.4, 3.6.3 | |
| CVE-2016-0718: expat 2.2, bug #537 | 2017-02-17 | 2.7.14, 3.3.7, 3.4.7, 3.5.4, 3.6.2 | |
| update zlib to 1.2.11 | 2017-01-05 | 2.7.14, 3.5.4, 3.6.1 | 3.4 |
| Issue #28563: gettext.c2py() | 2016-10-30 | 2.7.13, 3.3.7, 3.4.6, 3.5.3, 3.6.0 | |
| CVE-2016-2183: Sweet32 attack (DES, 3DES) | 2016-08-24 | 2.7.13, 3.4.7, 3.5.3, 3.6.0 | |
| CVE-2016-1000110: HTTPoxy attack | 2016-07-18 | 2.7.13, 3.3.7, 3.4.6, 3.5.3, 3.6.0 | |
| CVE-2016-0772: smtplib TLS stripping | 2016-06-11 | 2.7.12, 3.3.7, 3.4.5, 3.5.2, 3.6.0 | |
| Issue #26657: HTTP directory traversal | 2016-03-28 | 2.7.12, 3.3.7, 3.4.7, 3.5.2, 3.6.0 | |
| Issue #26556: Expat 2.1.1 | 2016-03-14 | 2.7.12, 3.3.7, 3.4.5, 3.5.2, 3.6.0 | |
| CVE-2016-5636: zipimporter overflow | 2016-01-21 | 2.7.12, 3.3.7, 3.4.5, 3.5.2, 3.6.0 | |
| CVE-2016-5699: HTTP header injection | 2014-11-24 | 2.7.10, 3.3.7, 3.4.4, 3.5.0 | |
| CVE-2014-9365: Validate TLS certificate | 2014-08-28 | 2.7.9, 3.4.3, 3.5.0 | |
| CVE-2014-7185: buffer() integer overflows | 2014-06-24 | 2.7.8 | |
| CVE-2014-4616: JSONDecoder.raw_decode | 2014-04-13 | 2.7.7, 3.2.6, 3.3.6, 3.4.1, 3.5.0 | |
| CVE-2014-2667: os.makedirs() not thread-safe | 2014-03-28 | 3.2.6, 3.3.6, 3.4.1, 3.5.0 | |
| CVE-2014-1912: socket.recvfrom_into() overflow | 2014-01-14 | 2.7.7, 3.2.6, 3.3.4, 3.4.0 | |
| CVE-2013-7338: zipfile DoS using malformed file | 2013-12-27 | 3.3.4, 3.4.0 | |
| Issue #19435: CGI directory traversal | 2013-10-29 | 2.7.6, 3.2.6, 3.3.4, 3.4.0 | |
| CVE-2013-4238: ssl: NUL in subjectAltNames | 2013-06-27 | 2.6.9, 2.7.6, 3.2.6, 3.3.3, 3.4.0 | |
| CVE-2013-7440: ssl.match_hostname() IDNA issue | 2013-05-17 | 3.3.3, 3.4.0 | |
| CVE-2013-2099: ssl.match_hostname() wildcard DoS | 2013-05-15 | 3.2.6, 3.3.3, 3.4.0 | |
| CVE-2013-1752: ftplib unlimited read | 2012-09-25 | 2.7.6, 3.2.6, 3.3.3, 3.4.0 | |
| CVE-2013-1752: nntplib unlimited read | 2012-09-25 | 2.6.9, 2.7.6, 3.2.6, 3.3.7, 3.4.3, 3.5.0 | |
| CVE-2013-1752: poplib unlimited read | 2012-09-25 | 2.7.9, 3.2.6, 3.3.7, 3.4.3, 3.5.0 | |
| CVE-2013-1752: smtplib unlimited read | 2012-09-25 | 2.7.9, 3.2.6, 3.3.7, 3.4.3, 3.5.0 | |
| CVE-2013-1753: xmlrpc gzip unlimited read | 2012-09-25 | 2.7.9, 3.3.7, 3.4.3, 3.5.0 | |
| CVE-2013-7040: Hash not properly randomized | 2012-04-19 | 3.4.0 | 2.7 |
| CVE-2012-2135: UTF-16 decoder | 2012-04-14 | 2.7.4, 3.2.4, 3.3.0 | |
| CVE-2012-0845: XML-RPC DoS | 2012-02-13 | 2.6.8, 2.7.3, 3.1.5, 3.2.3, 3.3.0 | |
| CVE-2011-3389: ssl CBC IV attack | 2012-01-27 | 2.6.8, 2.7.3, 3.1.5, 3.2.3, 3.3.0 | |
| CVE-2012-1150: Hash DoS | 2011-12-28 | 2.6.8, 2.7.3, 3.1.5, 3.2.3, 3.3.0 | |
| CVE-2011-4944: pypirc created insecurely | 2011-11-30 | 2.7.4, 3.2.4, 3.3.1, 3.4.0 | |
| CVE-2011-1521: urllib redirect | 2011-03-24 | 2.5.6, 2.6.7, 2.7.2, 3.1.4, 3.2.1, 3.3.0 | |
| CVE-2011-4940: SimpleHTTPServer UTF-7 | 2011-03-08 | 2.5.6, 2.6.7, 2.7.2, 3.2.4, 3.3.1, 3.4.0 | |
| CVE-2010-1634: audioop integer overflows | 2010-05-10 | 2.6.6, 2.7.0, 3.1.3, 3.2.0 | |
| CVE-2010-2089: audioop input validation | 2010-01-11 | 2.6.6, 2.7.2, 3.1.3, 3.2.0 | |
| CVE-2013-1752: httplib unlimited read | 2009-08-28 | 2.7.2, 3.1.4, 3.2.0 | |
| CVE-2010-3492: smtpd accept bug | 2009-08-14 | 2.7.4, 3.2.0 | |
| CVE-2010-3493: smtpd race conditions | 2009-08-14 | 2.7.1, 3.1.3, 3.2.1, 3.3.0 | |
| CVE-2008-2315: Multiple integer overflows (Apple) | 2008-07-31 | 2.6.0, 3.0.0 | |
| CVE-2008-3143: Multiple integer overflows (Google) | 2008-04-11 | 2.5.3, 2.6.0, 3.0.0 | |
| CVE-2008-5031: expandtab() integer overflow | 2008-03-11 | 2.5.3, 2.6.0, 3.0.0 | |
| CVE-2011-1015: CGI directory traversal | 2008-03-07 | 2.7.0, 3.2.4, 3.3.1, 3.4.0 | |
| CVE-2007-4965: rgbimg and imageop overflows | 2007-09-16 | 2.5.3, 2.6.0 | |
