361 matches found
Design/Logic Flaw
An exponential ReDoS Regular Expression Denial of Service can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented getfiletransfertype method...
CVE-2022-42964
An exponential ReDoS Regular Expression Denial of Service can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.fromstring method...
CVE-2022-42964 Exponential ReDoS in pymatgen leads to denial of service
An exponential ReDoS Regular Expression Denial of Service can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.fromstring method...
CVE-2022-44049
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-43096
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-43075
The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-timezones package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-43086
The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.0...
PT-2022-25835 · Pypi · D8S-Domains +1
Name of the Vulnerable Software and Affected Versions: d8s-domains version 0.1.0 Description: The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. Recommendations: For versi...
CVE-2022-40812
The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...
CVE-2022-40429
The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...
CVE-2022-40432
The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...
CVE-2022-40805
The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-hypothesis package...
PT-2022-24607 · Pypi · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-json version 0.1.0 Description: The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. Recommendations: For version 0.1.0,...
PT-2022-37374 · Pypi · D8S-Htm +1
Name of the Vulnerable Software and Affected Versions: d8s-html version 0.1.0 Description: The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. Recommendations: For version 0.1.0...
PT-2022-37388 · Pypi · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-python version 0.1.0 Description: The issue concerns a potential code-execution backdoor inserted by a third party into the d8s-python package distributed on PyPI. This backdoor is related to the democritus-strings package. Recommendation...
PT-2022-24612 · Pypi · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-python version 0.1.0 Description: The d8s-python package for python, distributed on PyPI, contains a potential code-execution backdoor inserted by a third party, specifically affecting the democritus-strings package. Recommendations: For...
PT-2022-37366 · Pypi · Democritus-Hypothesis +1
Name of the Vulnerable Software and Affected Versions: d8s-uuids version 0.1.0 Description: The d8s-uuids package for Python, distributed on PyPI, contains a potential code-execution backdoor. This backdoor is attributed to the democritus-hypothesis package, which was inserted by a third party...
PT-2022-37384 · Pypi · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-math version 0.1.0 Description: The issue concerns a potential code-execution backdoor inserted by a third party into the d8s-math package for Python, distributed on PyPI. The backdoor is identified as the democritus-strings package...
Regular expression denial of service in eth-account
An exponential ReDoS Regular Expression Denial of Service can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encodestructureddata method...
CVE-2022-1930
An exponential ReDoS Regular Expression Denial of Service can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encodestructureddata method...