Lucene search
K
PypaMost viewed

5624 matches found

PyPA
PyPA
•added 2022/12/27 3:15 p.m.•6 views

PYSEC-2022-43006

Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5...

6.1CVSS6.8AI score0.00481EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2022/12/25 5:15 a.m.•6 views

PYSEC-2022-43013

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...

7.5CVSS6.9AI score0.00469EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2022/12/22 2:15 a.m.•6 views

PYSEC-2022-43004

Cross-Site Request Forgery CSRF in GitHub repository ikus060/rdiffweb prior to 2.5.4...

6.5CVSS6.7AI score0.00313EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2022/12/22 1:15 a.m.•6 views

PYSEC-2022-43003

Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4...

6.1CVSS6.8AI score0.00599EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2022/12/19 10:15 p.m.•6 views

PYSEC-2022-43151

Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc...

9.1CVSS7.3AI score0.01042EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/12/17 12:15 a.m.•6 views

PYSEC-2022-42994

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...

7.8CVSS6.8AI score0.0059EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2022/12/13 11:15 p.m.•6 views

PYSEC-2022-43155

wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component opCallIndirect at /m3exec.h...

5.5CVSS7.3AI score0.00305EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2022/12/10 1:15 a.m.•6 views

PYSEC-2022-43011

Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...

6.4CVSS6.7AI score0.00423EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2022/12/06 5:15 a.m.•6 views

PYSEC-2022-42992

All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

9.8CVSS7.7AI score0.05378EPSS
Exploits1References8Affected Software1
PyPA
PyPA
•added 2022/11/28 9:15 p.m.•6 views

PYSEC-2022-43175

Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contai...

8.4CVSS6.3AI score0.00806EPSS
Exploits1References8Affected Software1
PyPA
PyPA
•added 2022/11/26 2:15 a.m.•6 views

PYSEC-2022-43015

In PyTorch before trunk/89695, torch.jit.annotations.parsetypeline can cause arbitrary code execution because eval is used unsafely...

9.8CVSS8AI score0.01192EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2022/11/25 7:15 p.m.•6 views

PYSEC-2022-42996

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems not Windows or macos, MPXJ's use of File.createTempFile.. results in temporary files being created with the permissions -rw-r--r--. This means that any other...

3.3CVSS6.5AI score0.00208EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/11/16 1:15 p.m.•6 views

PYSEC-2022-43001

Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...

6.1CVSS6.8AI score0.00809EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/11/15 9:15 a.m.•6 views

PYSEC-2022-42984

In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's /login endpoint...

6.1CVSS6.8AI score0.81836EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2022/11/14 10:15 a.m.•6 views

PYSEC-2022-42981

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...

7.5CVSS6.9AI score0.0168EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2022/11/14 7:15 a.m.•6 views

PYSEC-2022-42979

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...

7.5CVSS7AI score0.01184EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2022/11/11 4:15 a.m.•6 views

PYSEC-2022-42985

Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in...

9.8CVSS7.8AI score0.0055EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/11/07 3:15 p.m.•6 views

PYSEC-2022-43108

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is 0.1.0...

9.8CVSS7.6AI score0.00991EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2022/11/07 3:15 p.m.•6 views

PYSEC-2022-43082

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...

9.8CVSS7.6AI score0.00923EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2022/11/07 3:15 p.m.•6 views

PYSEC-2022-43129

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0...

9.8CVSS7.6AI score0.01012EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2022/11/07 3:15 p.m.•6 views

PYSEC-2022-43084

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0...

9.8CVSS7.6AI score0.01012EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2022/11/07 3:15 p.m.•6 views

PYSEC-2022-43091

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains package. The affected version of d8s-htm is 0.1.0...

9.8CVSS7.6AI score0.01012EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2022/11/01 4:15 p.m.•6 views

PYSEC-2022-42976

A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...

5.4CVSS6.1AI score0.01473EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2022/10/26 8:15 p.m.•6 views

PYSEC-2022-42974

Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in jupytercore that stems from jupytercore executing untrusted files in CWD. This vulnerability allows one user to run code as...

8.8CVSS7.8AI score0.01056EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/10/16 6:15 a.m.•6 views

PYSEC-2022-304

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression...

7.5CVSS6.8AI score0.0272EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43077

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43050

The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43041

The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43026

The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43033

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43040

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43025

The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43030

The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43028

The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43034

The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/06 6:16 p.m.•6 views

PYSEC-2022-43157

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...

5.3CVSS6.8AI score0.00672EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2022/10/06 6:16 p.m.•6 views

PYSEC-2022-43156

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...

9.8CVSS6.8AI score0.00441EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2022/09/29 9:15 p.m.•6 views

PYSEC-2022-298

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3...

7.5CVSS6.8AI score0.00971EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2022/09/26 7:15 p.m.•6 views

PYSEC-2022-43184

Withdrawn as duplicate of PYSEC-2022-292. Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8...

7.5CVSS6.5AI score0.00721EPSS
Exploits1References3
PyPA
PyPA
•added 2022/09/26 5:16 p.m.•6 views

PYSEC-2022-291

Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8...

7.5CVSS6.7AI score0.01429EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/26 11:15 a.m.•6 views

PYSEC-2022-295

Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8...

4.3CVSS6.7AI score0.00553EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/23 10:15 a.m.•6 views

PYSEC-2022-290

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7...

9.8CVSS6.8AI score0.00727EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/21 12:15 p.m.•6 views

PYSEC-2022-282

If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists...

4.4CVSS6.9AI score0.00284EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/21 10:15 a.m.•6 views

PYSEC-2022-286

Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3...

5.4CVSS6.7AI score0.00545EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/20 6:15 p.m.•6 views

PYSEC-2022-43058

WASM3 v0.5.0 was discovered to contain a segmentation fault via the component opSelecti32srs in wasm3/source/m3exec.h...

7.5CVSS7.3AI score0.0077EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/19 4:15 p.m.•6 views

PYSEC-2022-43115

The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

9.8CVSS7AI score0.01033EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/19 4:15 p.m.•6 views

PYSEC-2022-43079

The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

9.8CVSS7AI score0.01238EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/09/19 4:15 p.m.•6 views

PYSEC-2022-43092

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

9.8CVSS7AI score0.01238EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/09/19 4:15 p.m.•6 views

PYSEC-2022-43107

The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...

9.8CVSS7AI score0.01005EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/09/19 4:15 p.m.•6 views

PYSEC-2022-43116

The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

9.8CVSS7AI score0.01033EPSS
Exploits1References3Affected Software1
Total number of security vulnerabilities5000