15 matches found
EUVD-2022-0382
Malicious code in bioql PyPI...
CVE-2022-43306
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0...
CVE-2022-43306
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0...
CVE-2022-43306
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-43090
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-43090
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-43096
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-43096
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0...
Code injection
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0...
PT-2022-37359 · Pypi +2 · D8S-Timer +2
Name of the Vulnerable Software and Affected Versions: d8s-timer version not specified d8s-htm version 0.1.0 Description: A potential code-execution backdoor was inserted by a third party in the d8s-timer for python distributed on PyPI. Another affected package is democritus-dates. Recommendation...
PT-2022-37353 · Pypi · D8S-Htm +2
Name of the Vulnerable Software and Affected Versions: d8s-timer version not specified d8s-htm version 0.1.0 Description: A potential code-execution backdoor was inserted by a third party in the d8s-timer package distributed on PyPI. Additionally, the democritus-dates package also contains a...
CVE-2022-43306
The CVE-2022-43306 entry concerns the PyPI package d8s-timer for Python, with the affected version 0.1.0. Multiple connected documents state that a third-party inserted a potential code-execution backdoor, specifically via the democritus-dates package, leading to a total impact in the software ch...
PT-2022-26840 · Pypi · D8S-Htm +2
Name of the Vulnerable Software and Affected Versions: d8s-timer version 0.1.0 d8s-htm version 0.1.0 Description: The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties...
Malicious Package
Overview democritus-dates is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-dates package. References - GitHub Issue - GitHu...
d8s-timer (=0.1.0) potentially affected by unknown CVE via democritus-dates (=2021.2.1101)
democritus-dates PYPI version =2021.2.1101 is affected by a known vulnerability. The following packages have a transitive dependency on democritus-dates and may be impacted: - d8s-timer =0.1.0 Source cves: unknown CVE Source advisory: SNYK:PYTHON-DEMOCRITUSDATES-8400836...