CVE-2022-44900

A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file...

Unblob - Extract Files From Any Kind Of Container Formats

unblob is an accurate, fast, and easy-to-use extraction suite. It parses unknown binary blobs for more than 30 different archive, compression, and file-system formats , extracts their content recursively , and carves out unknown chunks that have not been accounted for. Unblob is free to use ,...

aicrowd-cli (>=0.1.8 <=0.1.15), aim-cli (>=1.0.0 <=1.2.7rc4) +457 more potentially affected by CVE-2022-24439 via gitpython (>=0.3.4 <=3.1.3)

gitpython PYPI version =0.3.4, =0.1.8, =1.0.0, =1.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =0.1.0, =0.1.0, =0.2.0, =0.3.1 and more Source cves: CVE-2022-24439 Source advisory: SNYK:PYTHON-GITPYTHON-3113858...

CVE-2022-44053

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...

PYSEC-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled...

GHSA-W596-4WVX-J9J6 Withdrawn Advisory: ReDoS in py library when used with subversion

Withdrawn Advisory This advisory has been withdrawn because evidence does not suggest that CVE-2022-42969 is a valid, reproducible vulnerability. This link is maintained to preserve external references. Original Description The py library through 1.11.0 for Python allows remote attackers to condu...

DEBIAN-CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

PYSEC-2022-43183

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

UBUNTU-CVE-2022-42969

DISPUTED The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as...

d8s-asns (>=0.2.0 <=0.7.0), d8s-domains (>=0.2.0 <=0.6.0) +9 more potentially affected by CVE-2022-41382 via d8s-json (=0.3.0)

d8s-json PYPI version =0.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on d8s-json and may be impacted: - d8s-asns =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.8.0 Source cves: CVE-2022-41382 Source advisory:...

PYSEC-2022-43079

The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

d8s-asns (=0.1.0), d8s-domains (=0.1.0) +8 more potentially affected by unknown CVE via democritus-user-agents (=2021.1.2101)

democritus-user-agents PYPI version =2021.1.2101 is affected by a known vulnerability. The following packages have a transitive dependency on democritus-user-agents and may be impacted: - d8s-asns =0.1.0 - d8s-domains =0.1.0 - d8s-html =0.1.0 - d8s-ip-addresses =0.1.0 - d8s-mpeg =0.1.0 -...

d8s-urls (=0.1.0) potentially affected by unknown CVE via democritus-domains (=2021.1.2101)

democritus-domains PYPI version =2021.1.2101 is affected by a known vulnerability. The following packages have a transitive dependency on democritus-domains and may be impacted: - d8s-urls =0.1.0 Source cves: unknown CVE Source advisory: SNYK:PYTHON-DEMOCRITUSDOMAINS-8400830...

PT-2022-37342 · Unknown +1 · Democritus-Strings +1

Name of the Vulnerable Software and Affected Versions: d8s-math version 0.1.0 Description: The d8s-math library for Python contains a potential code-execution backdoor. This backdoor is attributed to the democritus-strings package, which was inserted by a third party. Recommendations: For version...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4899 more potentially affected by CVE-2022-35959 via tensorflow (>=1.0.1 <=2.7.1)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-35959 Source advisory: OSV:GHSA-WXJJ-CGCX-R3VQ...

CLSA-2022-1663183291 Fixed CVE-2021-28861 in python3

CVE-2021-28861: fix redirection vulnerability in http.server - fix tests to be compatible with expat 2.2.5...

DEBIAN-CVE-2022-36087

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of urivalidate functions depending where it is used. OAuthLib...

DDMAL MEI2Volpiano 代码问题漏洞

MEI2Volpiano is an open source Python library from DDMAL Canada. It is used to convert Neume and CWMN MEI files to Volpiano strings. A security vulnerability exists in DDMAL MEI2Volpiano version 0.8.2, which stems from the use of the insecure xml.etree library to parse untrusted XML inputs...

Masky - Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS Without Dumping The LSASS Process Memory

Masky is a python library providing an alternative way to remotely dump domain users' credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX, NT hashes and TGT on a larger scope. This tool does not exploit any new vulnerability and...