CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

UBUNTU-CVE-2022-42969

DISPUTED The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as...

d8s-asns (>=0.2.0 <=0.7.0), d8s-domains (>=0.2.0 <=0.6.0) +9 more potentially affected by CVE-2022-41382 via d8s-json (=0.3.0)

d8s-json PYPI version =0.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on d8s-json and may be impacted: - d8s-asns =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.8.0 Source cves: CVE-2022-41382 Source advisory:...

PYSEC-2022-43079

The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

d8s-urls (=0.1.0) potentially affected by unknown CVE via democritus-domains (=2021.1.2101)

democritus-domains PYPI version =2021.1.2101 is affected by a known vulnerability. The following packages have a transitive dependency on democritus-domains and may be impacted: - d8s-urls =0.1.0 Source cves: unknown CVE Source advisory: SNYK:PYTHON-DEMOCRITUSDOMAINS-8400830...

d8s-asns (=0.1.0), d8s-domains (=0.1.0) +8 more potentially affected by unknown CVE via democritus-user-agents (=2021.1.2101)

democritus-user-agents PYPI version =2021.1.2101 is affected by a known vulnerability. The following packages have a transitive dependency on democritus-user-agents and may be impacted: - d8s-asns =0.1.0 - d8s-domains =0.1.0 - d8s-html =0.1.0 - d8s-ip-addresses =0.1.0 - d8s-mpeg =0.1.0 -...

PT-2022-37342 · Unknown +1 · Democritus-Strings +1

Name of the Vulnerable Software and Affected Versions: d8s-math version 0.1.0 Description: The d8s-math library for Python contains a potential code-execution backdoor. This backdoor is attributed to the democritus-strings package, which was inserted by a third party. Recommendations: For version...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4868 more potentially affected by CVE-2022-35959 via tensorflow (>=1.0.1 <=2.7.1)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-35959 Source advisory: OSV:GHSA-WXJJ-CGCX-R3VQ...

CLSA-2022-1663183291 Fixed CVE-2021-28861 in python3

CVE-2021-28861: fix redirection vulnerability in http.server - fix tests to be compatible with expat 2.2.5...

DEBIAN-CVE-2022-36087

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of urivalidate functions depending where it is used. OAuthLib...

DDMAL MEI2Volpiano 代码问题漏洞

MEI2Volpiano is an open source Python library from DDMAL Canada. It is used to convert Neume and CWMN MEI files to Volpiano strings. A security vulnerability exists in DDMAL MEI2Volpiano version 0.8.2, which stems from the use of the insecure xml.etree library to parse untrusted XML inputs...

Masky - Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS Without Dumping The LSASS Process Memory

Masky is a python library providing an alternative way to remotely dump domain users' credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX, NT hashes and TGT on a larger scope. This tool does not exploit any new vulnerability and...

untangle vulnerable to Improper Restriction of XML External Entity Reference

Description untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files. Impact An attacker may...

GHSA-F83Q-2CP7-QRJG untangle vulnerable to Improper Restriction of XML External Entity Reference

Description untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files. Impact An attacker may...

USN-5549-1 python-django vulnerability

It was discovered that Django incorrectly handled certain FileResponse. An attacker could possibly use this issue to expose sensitive information or gain access over user machine...

USN-5532-1 python-bottle vulnerability

It was discovered that Bottle incorrectly handled errors during early request binding. An attacker could possibly use this issue to disclose sensitive information. CVE-2022-31799...

CVE-2022-31471

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files...

CVE-2022-33977

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service DoS condition on the server where the...

PYSEC-2022-243

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service DoS condition on the server where the...

CVE-2022-33977

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service DoS condition on the server where the...