Python versions 3.4 and 3.5 suffer from a vulnerability caused by the behavior of the xmlparse_setattro() function. When called, the function uses the provided name argument in several conditional statements which assume that the name argument is a string. However, if a name argument is provided that is not a string, this logic will make several calls to PyUnicode_CompareWithASCIIString that expect a string, yet receive some other type of object, leading to a type confusion vulnerability.
2f285d0b1a031d0ca91b5be2513b66aa771b0b6b0abc07f26cece30a0372c084
Cisco's tools site suffered from multiple cross-site scripting vulnerabilities.
1f9fd61e7de68f122c09b61c8fb1d95447232133a9e9981cbe4adf441844fcdc
Python 3.5 suffers from a vulnerability caused by the behavior of the time_strftime() function. When called, the function loops over the format string provided, using strchr to search for each instance of '%'. After finding a '%', it continues to search two characters ahead, assuming that each instance is the beginning of a well-formed format string token. However, if a string ends with '%', this logic will result in a call to strchr that reads off the end of the format string buffer.
247c41f7b289418808f840d29093ddf7d7fec17408a6503c55ac90be7d7cdeb1
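The time_strftime() scan described above can be made bounds-aware by checking the character after each '%' before skipping ahead. The following is an added example, not CPython source; the function name `count_format_tokens` and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not CPython source): bounds-aware model of the
 * "find '%', then resume two characters ahead" scan.
 * Returns the number of '%' tokens found, or -1 when a '%' is the last
 * character of the string, which is the case where resuming at p + 2
 * would start the next strchr past the terminating NUL. */
int count_format_tokens(const char *fmt)
{
    int tokens = 0;
    const char *p = strchr(fmt, '%');

    while (p != NULL) {
        if (p[1] == '\0')
            return -1;          /* dangling '%': p + 2 is out of bounds */
        tokens++;
        /* p[1] is a real character, so p + 2 points no further than the
         * NUL terminator and strchr stays inside the buffer. */
        p = strchr(p + 2, '%');
    }
    return tokens;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "%Y-%m-%d", "%%", "100%", "%Y%", "" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\" -> %d\n", samples[i], count_format_tokens(samples[i]));
    return 0;
}
```

A caller would reject the format string when the result is -1, before handing it to any code that skips two characters per token.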