807 matches found

OSV
added 2022/09/19 4:15 p.m. · 0 views

PYSEC-2022-43079

The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

9.8 CVSS · 5.9 AI score
Exploits 0 · References 3
vulnersOsv
added 2022/09/19 3:15 p.m. · 1 views

d8s-asns (=0.1.0), d8s-domains (=0.1.0) +8 more potentially affected by unknown CVE via democritus-user-agents (=2021.1.2101)

democritus-user-agents PYPI version =2021.1.2101 is affected by a known vulnerability. The following packages have a transitive dependency on democritus-user-agents and may be impacted: - d8s-asns =0.1.0 - d8s-domains =0.1.0 - d8s-html =0.1.0 - d8s-ip-addresses =0.1.0 - d8s-mpeg =0.1.0 -...

5.8 AI score
Exploits 0
vulnersOsv
added 2022/09/19 3:15 p.m. · 2 views

d8s-urls (=0.1.0) potentially affected by unknown CVE via democritus-domains (=2021.1.2101)

democritus-domains PYPI version =2021.1.2101 is affected by a known vulnerability. The following packages have a transitive dependency on democritus-domains and may be impacted: - d8s-urls =0.1.0 Source cves: unknown CVE Source advisory: SNYK:PYTHON-DEMOCRITUSDOMAINS-8400830...

5.8 AI score
Exploits 0
Positive Technologies
added 2022/09/19 12:0 a.m. · 3 views

PT-2022-37342 · Unknown +1 · Democritus-Strings +1

Name of the Vulnerable Software and Affected Versions: d8s-math version 0.1.0 Description: The d8s-math library for Python contains a potential code-execution backdoor. This backdoor is attributed to the democritus-strings package, which was inserted by a third party. Recommendations: For version...

9.8 CVSS · 7.2 AI score
Exploits 0 · References 4
vulnersOsv
added 2022/09/16 10:11 p.m. · 1 views

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4899 more potentially affected by CVE-2022-35959 via tensorflow (>=1.0.1 <=2.7.1)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-35959 Source advisory: OSV:GHSA-WXJJ-CGCX-R3VQ...

7.5 CVSS · 7.2 AI score · 0.00366 EPSS
Exploits 0
OSV
added 2022/09/14 7:21 p.m. · 4 views

CLSA-2022-1663183291 Fixed CVE-2021-28861 in python3

CVE-2021-28861: fix redirection vulnerability in http.server - fix tests to be compatible with expat 2.2.5...

7.4 CVSS · 6.9 AI score · 0.0199 EPSS
Exploits 0 · References 1
OSV
added 2022/09/09 9:15 p.m. · 2 views

DEBIAN-CVE-2022-36087

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of urivalidate functions depending where it is used. OAuthLib...

6.5 CVSS · 6.8 AI score · 0.01258 EPSS
Exploits 1 · References 1
CNNVD
added 2022/09/07 12:0 a.m. · 4 views

DDMAL MEI2Volpiano Code Issue Vulnerability

MEI2Volpiano is an open source Python library from DDMAL Canada. It is used to convert Neume and CWMN MEI files to Volpiano strings. A security vulnerability exists in DDMAL MEI2Volpiano version 0.8.2, which stems from the use of the insecure xml.etree library to parse untrusted XML inputs...

7.5 CVSS · 7.3 AI score · 0.01074 EPSS
Exploits 0 · References 5
Kitploit
added 2022/08/30 12:30 p.m. · 36 views

Masky - Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS Without Dumping The LSASS Process Memory

Masky is a python library providing an alternative way to remotely dump domain users' credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX, NT hashes and TGT on a larger scope. This tool does not exploit any new vulnerability and...

7.6 AI score
Exploits 0 · References 13
OSV
added 2022/08/06 5:30 a.m. · 29 views

GHSA-F83Q-2CP7-QRJG untangle vulnerable to Improper Restriction of XML External Entity Reference

Description untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files. Impact An attacker may...

8.7 CVSS · 7.3 AI score · 0.0129 EPSS
Exploits 0 · References 6
Github Security Blog
added 2022/08/06 5:30 a.m. · 21 views

untangle vulnerable to Improper Restriction of XML External Entity Reference

Description untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files. Impact An attacker may...

7.5 CVSS · 7.2 AI score · 0.0129 EPSS
Exploits 0 · References 6 · Affected Software 1
OSV
added 2022/08/04 3:56 p.m. · 7 views

USN-5549-1 python-django vulnerability

It was discovered that Django incorrectly handled certain FileResponse. An attacker could possibly use this issue to expose sensitive information or gain access over user machine...

8.8 CVSS · 7.1 AI score · 0.00654 EPSS
Exploits 0 · References 2
OSV
added 2022/07/26 8:5 a.m. · 1 views

USN-5532-1 python-bottle vulnerability

It was discovered that Bottle incorrectly handled errors during early request binding. An attacker could possibly use this issue to disclose sensitive information. CVE-2022-31799...

9.8 CVSS · 7.1 AI score · 0.01869 EPSS
Exploits 0 · References 2
NVD
added 2022/07/26 6:15 a.m. · 19 views

CVE-2022-33977

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service DoS condition on the server where the...

7.5 CVSS · 0.01369 EPSS
Exploits 0 · References 3
OSV
added 2022/07/26 6:15 a.m. · 18 views

CVE-2022-31471

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files...

7.5 CVSS · 7.4 AI score
Exploits 0 · References 3
OSV
added 2022/07/26 6:15 a.m. · 19 views

PYSEC-2022-243

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service DoS condition on the server where the...

7.5 CVSS · 5 AI score · 0.01369 EPSS
Exploits 0 · References 4
Debian CVE
added 2022/07/26 5:10 a.m. · 32 views

CVE-2022-33977

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service DoS condition on the server where the...

7.5 CVSS · 7.5 AI score · 0.01369 EPSS
Exploits 0
OSV
added 2022/07/11 1:15 a.m. · 2 views

CVE-2022-31516

The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3 CVSS · 5.8 AI score · 0.01118 EPSS
Exploits 1 · References 1
GithubExploit
added 2022/06/30 6:25 p.m. · 716 views

Exploit for Uncontrolled Resource Consumption in Quic-Go_Project Quic-Go

QUIC-attacks CVE-2022-30591 The current repository serves t...

7.5 CVSS · 7.6 AI score · 0.02412 EPSS
Exploits 2
OSV
added 2022/06/24 9:15 p.m. · 2 views

CVE-2022-34064

The Zibal package in PyPI v1.0.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

9.8 CVSS · 6.2 AI score · 0.01302 EPSS
Exploits 0 · References 2