PT-2022-37382 · Pypi · D8S-Archives +1
Name of the Vulnerable Software and Affected Versions: d8s-archives version 0.1.0 Description: The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. Recommendations: For version...
PT-2022-37346 · Pypi · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-python version 0.1.0 Description: The issue concerns a potential code-execution backdoor inserted by a third party into the d8s-python package distributed on PyPI. This backdoor is related to the democritus-strings package. Recommendation...
PT-2022-37388 · Pypi · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-python version 0.1.0 Description: The issue concerns a potential code-execution backdoor inserted by a third party into the d8s-python package distributed on PyPI. This backdoor is related to the democritus-strings package. Recommendation...
PT-2022-37341 · Pypi · D8S-Json +1
Name of the Vulnerable Software and Affected Versions: d8s-json version 0.1.0 Description: The d8s-json package for Python contains a potential code-execution backdoor. This backdoor is attributed to the democritus-strings package, which was inserted by a third party. Recommendations: For version...
PT-2022-37342 · Unknown +1 · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-math version 0.1.0 Description: The d8s-math library for Python contains a potential code-execution backdoor. This backdoor is attributed to the democritus-strings package, which was inserted by a third party. Recommendations: For version...
PT-2022-37343 · Pypi · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-netstrings version 0.1.0 Description: The d8s-netstrings package for Python, distributed on PyPI, contains a potential code-execution backdoor. This backdoor is attributed to the democritus-strings package, which was inserted by a third...
PT-2022-37385 · Pypi · D8S-Grammars +1
Name of the Vulnerable Software and Affected Versions: d8s-grammars version 0.1.0 Description: The d8s-grammars package for python, distributed on PyPI, contains a potential code-execution backdoor. This backdoor is inserted through the democritus-strings package. Recommendations: For version...
PT-2022-37387 · Pypi · D8S-Xml +1
Name of the Vulnerable Software and Affected Versions: d8s-xml version 0.1.0 Description: The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. Recommendations: For version 0.1.0, avo...
PT-2022-37383 · Pypi · D8S-Json +1
Name of the Vulnerable Software and Affected Versions: d8s-json version 0.1.0 Description: The d8s-json package for Python contains a potential code-execution backdoor. This backdoor is attributed to the democritus-strings package, which was inserted by a third party. Recommendations: For version...
PT-2022-37384 · Pypi · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-math version 0.1.0 Description: The issue concerns a potential code-execution backdoor inserted by a third party into the d8s-math package for Python, distributed on PyPI. The backdoor is identified as the democritus-strings package...
PT-2022-37364 · Pypi · D8S-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-strings version 0.1.0 Description: The d8s-strings package for Python, distributed on PyPI, contains a potential code-execution backdoor. This backdoor is attributed to the democritus-hypothesis package, which was inserted by a third part...
PT-2022-37350 · Pypi · D8S-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-strings version 0.1.0 Description: The d8s-strings package for Python, distributed on PyPI, contains a potential code-execution backdoor. This backdoor is attributed to the democritus-hypothesis package, which was inserted by a third part...
PT-2022-24606 · Pypi · D8S-Archives +1
Name of the Vulnerable Software and Affected Versions: d8s-archives version 0.1.0 Description: The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. Recommendations: For version...
PT-2022-24610 · Pypi · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-netstrings version 0.1.0 Description: The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. Recommendations: For...
[SECURITY] Fedora 37 Update: libconfuse-3.3-7.fc37
libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and lists of values (strings, integers, floats, booleans or other sections), as well as some other features such as single/double-quoted strings, environment variab...
CVE-2022-39213 Out-of-bounds Read in go-cvss
go-cvss is a Go module to manipulate Common Vulnerability Scoring System (CVSS). In affected versions when a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag v0.4.0, by th...
CVE-2015-4041: Denial of service (heap-based buffer overflow and application crash) in GNU Coreutils
Security Advisory ID: BSA-2022-1407. Component: GNU Coreutils. Revision: 1.0. The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers ...
moment: inefficient parsing algorithm resulting in DoS
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks...
The vulnerability of NAS storage systems (Network Attached Storage) such as NAS326, NAS540, and NAS542 lies in the use of uncontrolled format strings, which allow attackers to execute arbitrary code.
The vulnerability of NAS storage systems (Network Attached Storage) such as NAS326, NAS540, and NAS542 is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code using a specially crafted UDP packet...
Code injection
Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells Bash and Dash, or any not-officially-supported Unix shell; and/or using the escape or escapeAll functions with the...