Lucene search
+L

44 matches found

vulnersOsv
vulnersOsv
added 2022/10/11 10:15 p.m.4 views

d8s-random (=0.6.0), d8s-xml (>=0.2.0 <=0.8.0) potentially affected by CVE-2022-41381 via d8s-utility (=0.8.0)

d8s-utility PYPI version =0.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on d8s-utility and may be impacted: - d8s-random =0.6.0 - d8s-xml =0.2.0, =0.8.0 Source cves: CVE-2022-41381 Source advisory: OSV:PYSEC-2022-43031...

9.8CVSS7.2AI score0.01168EPSS
Exploits1
PyPA
PyPA
added 2022/10/11 10:15 p.m.5 views

PYSEC-2022-43045

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
added 2022/10/11 10:15 p.m.7 views

PYSEC-2022-43033

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/10/11 10:15 p.m.10 views

d8s-asns (>=0.2.0 <=0.7.0), d8s-domains (>=0.2.0 <=0.6.0) +5 more potentially affected by CVE-2022-42036 via d8s-urls (>=0.4.0 <=0.6.0)

d8s-urls PYPI version =0.4.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.8.0 Source cves: CVE-2022-42036 Source advisory: OSV:PYSEC-2022-43030...

9.8CVSS7.2AI score0.01168EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/10/11 10:15 p.m.6 views

d8s-random (=0.6.0), d8s-xml (>=0.2.0 <=0.8.0) potentially affected by CVE-2022-41386 via d8s-utility (=0.8.0)

d8s-utility PYPI version =0.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on d8s-utility and may be impacted: - d8s-random =0.6.0 - d8s-xml =0.2.0, =0.8.0 Source cves: CVE-2022-41386 Source advisory: OSV:PYSEC-2022-43032...

9.8CVSS7.2AI score0.01168EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/10/11 10:15 p.m.6 views

d8s-asns (>=0.2.0 <=0.7.0), d8s-xml (>=0.2.0 <=0.8.0) potentially affected by CVE-2022-41385 via d8s-html (>=0.3.0 <=0.6.1)

d8s-html PYPI version =0.3.0, =0.2.0, =0.2.0, =0.8.0 Source cves: CVE-2022-41385 Source advisory: OSV:PYSEC-2022-43025...

9.8CVSS7.2AI score0.01168EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/10/11 10:15 p.m.5 views

d8s-asns (>=0.2.0 <=0.7.0), d8s-domains (>=0.2.0 <=0.6.0) +8 more potentially affected by CVE-2022-42042 via d8s-networking (>=0.3.0 <=0.4.2)

d8s-networking PYPI version =0.3.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.8.0 Source cves: CVE-2022-42042 Source advisory: OSV:PYSEC-2022-43028...

9.8CVSS7.2AI score0.01168EPSS
Exploits1
OSV
OSV
added 2022/10/11 10:15 p.m.22 views

PYSEC-2022-43033

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...

9.8CVSS9.5AI score0.01168EPSS
Exploits1References3
OSV
OSV
added 2022/10/11 10:15 p.m.35 views

PYSEC-2022-43045

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...

9.8CVSS6.9AI score0.01168EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/10/11 12:0 a.m.4 views

CVE-2022-42043

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...

6.8AI score0.01168EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.4 views

PT-2022-26219 · Pypi · D8S-Xml +1

Name of the Vulnerable Software and Affected Versions: d8s-xml version 0.1.0 Description: The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. Recommendations: For version 0.1.0...

9.8CVSS9.5AI score0.01168EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/10/11 12:0 a.m.5 views

Democritus Project 代码问题漏洞

Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A code execution vulnerability exists in Democritus Project d8s-xml version 0.1.0, which stems from the presence of a potential code execution package democritus-html insert...

9.8CVSS9.3AI score0.01168EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/10/11 12:0 a.m.32 views

CVE-2022-42043

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...

9.8AI score0.01168EPSS
Exploits1References3
Veracode
Veracode
added 2022/09/20 6:46 a.m.19 views

Remote Code Execution (RCE)

d8s-xml is vulnerable to remote code execution. The vulnerability exists because the library does not properly handle the package upload mechanism, allowing an attacker to inject and execute malicious packages...

9.8CVSS9.7AI score0.01238EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/09/19 4:15 p.m.4 views

CVE-2022-38886

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

9.8CVSS5.8AI score0.01238EPSS
Exploits1References4
PyPA
PyPA
added 2022/09/19 4:15 p.m.9 views

PYSEC-2022-43124

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

9.8CVSS7AI score0.01238EPSS
Exploits1References4Affected Software1
PyPA
PyPA
added 2022/09/19 4:15 p.m.8 views

PYSEC-2022-43092

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

9.8CVSS7AI score0.01238EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/09/19 4:15 p.m.4 views

PYSEC-2022-43092

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

9.8CVSS7.2AI score
Exploits0References3
OSV
OSV
added 2022/09/19 4:15 p.m.2 views

PYSEC-2022-43124

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

9.8CVSS7.2AI score
Exploits0References3
CVE
CVE
added 2022/09/19 3:35 p.m.52 views

CVE-2022-38886

CVE-2022-38886 affects the Python package d8s-xml distributed on PyPI. The vulnerability stems from a third‑party backdoor in the package ecosystem, specifically the democritus-strings package, with the affected release identified as version 0.1.0. This backdoor enables potential remote code exec...

9.8CVSS9.4AI score0.01238EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder