1530 matches found
GuardDog path traversal vulnerability
GuardDog is an open source CLI tool for identifying malicious PyPI packages. A path traversal vulnerability exists in GuardDog versions prior to v0.1.8, which stems from the vulnerability to arbitrary file writes when scanning specially crafted remote PyPI packages, and the use of...
animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +188 more potentially affected by CVE-2022-41890 via tensorflow-gpu (>=1.10.1 <=2.8.3)
tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-41890 Source advisory: OSV:GHSA-H246-CGH4-7475...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4899 more potentially affected by CVE-2022-41885 via tensorflow (>=1.0.1 <=2.7.3)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-41885 Source advisory: OSV:GHSA-762H-VPVW-3RCX...
a-poem (=0.12.3), active-wrapper (>=0.1.0 <=0.1.4) +145 more potentially affected by CVE-2022-42966 via cleo (>=0.6.8 <=1.0.0a5)
cleo PYPI version =0.6.8, =0.1.0, =0.1.3, =0.1.0, =0.1.1, =0.1.0, =0.1.0a0, =0.1.1.1, =0.1.0, =0.2.7, =0.0.465, =0.0.503 and more Source cves: CVE-2022-42966 Source advisory: OSV:GHSA-2P9H-CCW7-33GF...
PYSEC-2022-43126
The d8s-dates package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The potential code-execution backdoor inserted by third parties is the democritus-timezones package. The affected version of d8s-htm is 0.1.0...
PT-2022-37356 · Pypi · D8S-Htm +2
Name of the Vulnerable Software and Affected Versions: d8s-xml version 0.1.0, d8s-htm version 0.1.0. Description: A potential code-execution backdoor was inserted by a third party into the d8s-xml package for Python distributed on PyPI. Another affected package is democritus-utility, which also...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +131 more potentially affected by CVE-2022-43985 via apache-airflow (>=1.8.2 <=2.4.0)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2022-43985 Source advisory: OSV:PYSEC-2022-42971...
azure-arm-nb-extensions (>=0.0.1 <=0.0.2), chemscraper (>=0.1.0 <=0.2.0) +17 more potentially affected by CVE-2022-39286 via jupyter-core (>=4.10.0 <=4.11.1)
jupyter-core PYPI version =4.10.0, =0.0.1, =0.1.0, =1.0.0, =0.0.5, =0.0.6, =0.2.8, =9.0.2, =0.3.20, =0.0.4, =1.0.0, =0.3.5.dev2659611866, =0.0.1, =0.0.3 and more Source cves: CVE-2022-39286 Source advisory: OSV:PYSEC-2022-42974...
Updated python packages fix security vulnerability
The mailcap module does not add escape characters into commands discovered in the system mailcap file (CVE-2015-20107). Allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port (CVE-2021-4189). The urlparse method does not...
MGASA-2022-0367 Updated python packages fix security vulnerability
The mailcap module does not add escape characters into commands discovered in the system mailcap file (CVE-2015-20107). Allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port (CVE-2021-4189). The urlparse method does not...
d8s-asns (>=0.2.0 <=0.7.0), d8s-html (>=0.2.0 <=0.6.1) +5 more potentially affected by CVE-2022-41384 via d8s-domains (=0.6.0)
d8s-domains PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on d8s-domains and may be impacted: - d8s-asns =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.8.0 Source cves: CVE-2022-41384 Source advisory: OSV:PYSEC-2022-43023...
Important Photon OS Security Update - PHSA-2022-3.0-0463
Updates of 'python3', 'python2' packages of Photon OS have been released...
a2ml (>=1.0.20 <=1.0.55), accelerometer (>=4.2.1 <=7.5.0) +371 more potentially affected by CVE-2022-21797 via joblib (>=0.9.4 <=1.1.1)
joblib PYPI version =0.9.4, =1.0.20, =4.2.1, =1.0.88, =1.0.32, =1.3.0, =1.0.1, =1.0.0, =0.20211108144632.0, =0.2.7, =0.1.0, =0.1.5, =0.53.0, =0.0.1, =1.0.1, =1.3.1 and more Source cves: CVE-2022-21797 Source advisory: OSV:PYSEC-2022-288...
d8s-archives (=0.1.0), d8s-grammars (=0.1.0) +5 more potentially affected by unknown CVE via democritus-strings (=2021.1.28901)
democritus-strings PYPI version =2021.1.28901 is affected by a known vulnerability. The following packages have a transitive dependency on democritus-strings and may be impacted: - d8s-archives =0.1.0 - d8s-grammars =0.1.0 - d8s-json =0.1.0 - d8s-math =0.1.0 - d8s-netstrings =0.1.0 - d8s-urls...
a2ml (>=1.0.20 <=1.0.55), accelerometer (>=4.2.1 <=7.0.0.dev0) +332 more potentially affected by CVE-2022-21797 via joblib (>=1.0.0 <=1.1.0a0)
joblib PYPI version =1.0.0, =1.0.20, =4.2.1, =1.0.88, =1.0.32, =1.3.0, =1.0.0, =0.20211108144632.0, =0.2.7, =0.1.0, =0.1.5, =0.53.0, =0.0.1, =1.0.1, =1.3.1 and more Source cves: CVE-2022-21797 Source advisory: SNYK:PYTHON-JOBLIB-3027033...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4899 more potentially affected by CVE-2022-35986 via tensorflow (>=1.0.1 <=2.7.1)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-35986 Source advisory: OSV:GHSA-WR9V-G9VF-C74V...
acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-35974 via tensorflow (>=2.8.0 <=2.8.0rc1)
tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-35974 Source advisory: OSV:GHSA-VGVH-2PF4-JR2X...
aliby (>=0.1.18 <=0.1.55), aliby-baby (>=0.1.11 <=0.1.17) +29 more potentially affected by CVE-2022-35971 via tensorflow (>=2.9.0 <=2.9.0rc2)
tensorflow PYPI version =2.9.0, =0.1.18, =0.1.11, =0.30.0, =0.0.0, =1.3.0, =0.3.0, =1.0.1, =1.2.0, =0.0.6, =1.0.12, =0.1.0, =0.1.1 and more Source cves: CVE-2022-35971 Source advisory: OSV:GHSA-9FPG-838V-WPV7...
aliby (>=0.1.18 <=0.1.55), aliby-baby (>=0.1.11 <=0.1.17) +29 more potentially affected by CVE-2022-35969 via tensorflow (>=2.9.0 <=2.9.0rc2)
tensorflow PYPI version =2.9.0, =0.1.18, =0.1.11, =0.30.0, =0.0.0, =1.3.0, =0.3.0, =1.0.1, =1.2.0, =0.0.6, =1.0.12, =0.1.0, =0.1.1 and more Source cves: CVE-2022-35969 Source advisory: OSV:GHSA-Q2C3-JPMC-GFJX...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4899 more potentially affected by CVE-2022-35968 via tensorflow (>=1.0.1 <=2.7.1)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-35968 Source advisory: OSV:GHSA-2475-53VW-VP25...