Pypa - Page 26 of Pypa Vulnerabilities List

PyPA•added 2022/10/06 6:16 p.m.•5 views

PYSEC-2022-43156

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...

9.8CVSS6.8AI score0.00441EPSS

PyPA•added 2022/10/06 6:16 p.m.•4 views

PYSEC-2022-302

Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10...

8.2CVSS6.8AI score0.00997EPSS

PyPA•added 2022/10/06 6:16 p.m.•9 views

PYSEC-2022-301

dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version...

7.5CVSS7AI score0.00982EPSS

Exploits0References4Affected Software1

PyPA•added 2022/10/03 1:15 p.m.•4 views

PYSEC-2022-43138

A vulnerability in the LIEF::MachO::BinaryParser::initandparse function of LIEF v0.12.1 allows attackers to cause a denial of service DOS through a segmentation fault via a crafted MachO file...

6.5CVSS6.6AI score0.00586EPSS

Exploits1References2Affected Software1

PyPA•added 2022/10/03 12:15 p.m.•5 views

PYSEC-2022-300

A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...

6.5CVSS7AI score0.05088EPSS

Exploits3References5Affected Software1

PyPA•added 2022/09/30 7:15 p.m.•7 views

PYSEC-2022-43139

A vulnerability in the LIEF::MachO::SegmentCommand::virtualaddress function of LIEF v0.12.1 allows attackers to cause a denial of service DOS through a segmentation fault via a crafted MachO file...

6.5CVSS6.6AI score0.00593EPSS

PyPA•added 2022/09/30 2:15 p.m.•4 views

PYSEC-2022-299

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3...

7.5CVSS6.8AI score0.00983EPSS

PyPA•added 2022/09/29 9:15 p.m.•5 views

PYSEC-2022-298

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3...

7.5CVSS6.8AI score0.00971EPSS

PyPA•added 2022/09/29 12:15 a.m.•5 views

PYSEC-2022-297

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9...

5.4CVSS6.8AI score0.0055EPSS

PyPA•added 2022/09/28 9:15 p.m.•5 views

PYSEC-2022-296

Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8...

4.6CVSS6.7AI score0.00493EPSS

PyPA•added 2022/09/26 10:15 p.m.•6 views

PYSEC-2022-294

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8...

7.5CVSS6.8AI score0.00924EPSS

PyPA•added 2022/09/26 7:15 p.m.•4 views

PYSEC-2022-43184

Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8...

7.5CVSS6.5AI score0.00701EPSS

Exploits1References3

PyPA•added 2022/09/26 7:15 p.m.•5 views

PYSEC-2022-292

Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8...

7.5CVSS6.7AI score0.00701EPSS

Exploits1References2Affected Software1

PyPA•added 2022/09/26 5:16 p.m.•5 views

PYSEC-2022-291

Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8...

7.5CVSS6.7AI score0.0139EPSS

PyPA•added 2022/09/26 1:15 p.m.•7 views

PYSEC-2022-293

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8...

7.5CVSS6.8AI score0.00917EPSS

PyPA•added 2022/09/26 11:15 a.m.•5 views

PYSEC-2022-295

Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8...

4.3CVSS6.7AI score0.00538EPSS

PyPA•added 2022/09/26 5:15 a.m.•6 views

PYSEC-2022-288

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

9.8CVSS5.5AI score0.01893EPSS

PyPA•added 2022/09/23 10:15 a.m.•5 views

PYSEC-2022-290

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7...

9.8CVSS6.8AI score0.00706EPSS

PyPA•added 2022/09/22 7:15 p.m.•7 views

PYSEC-2022-289

Cross-Site Request Forgery CSRF in GitHub repository ikus060/rdiffweb prior to 2.4.7...

7CVSS6.7AI score0.00364EPSS

PyPA•added 2022/09/22 10:15 a.m.•7 views

PYSEC-2022-284

Cross-Site Request Forgery CSRF in GitHub repository ikus060/rdiffweb prior to 2.4.6...

6.8CVSS6.7AI score0.0031EPSS

PyPA•added 2022/09/21 8:15 p.m.•6 views

PYSEC-2022-285

Cross-Site Request Forgery CSRF in GitHub repository ikus060/rdiffweb prior to 2.4.6...

4.3CVSS6.7AI score0.00308EPSS

PyPA•added 2022/09/21 5:15 p.m.•6 views

PYSEC-2022-287

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6...

5.3CVSS6.8AI score0.00385EPSS

PyPA•added 2022/09/21 12:15 p.m.•4 views

PYSEC-2022-283

Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3...

8.8CVSS6.7AI score0.00425EPSS

PyPA•added 2022/09/21 12:15 p.m.•5 views

PYSEC-2022-282

If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists...

4.4CVSS6.9AI score0.00276EPSS

PyPA•added 2022/09/21 10:15 a.m.•6 views

PYSEC-2022-286

Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3...

5.4CVSS6.7AI score0.00529EPSS

PyPA•added 2022/09/21 8:15 a.m.•8 views

PYSEC-2022-280

In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's /confirm endpoint...

6.1CVSS6.9AI score0.01413EPSS

Exploits0References3Affected Software1

PyPA•added 2022/09/21 8:15 a.m.•6 views

PYSEC-2022-279

In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction...

7.5CVSS6.7AI score0.01531EPSS

Exploits0References3Affected Software1

PyPA•added 2022/09/20 6:15 p.m.•5 views

PYSEC-2022-43058

WASM3 v0.5.0 was discovered to contain a segmentation fault via the component opSelecti32srs in wasm3/source/m3exec.h...

7.5CVSS7.3AI score0.00762EPSS

PyPA•added 2022/09/19 4:15 p.m.•5 views

PYSEC-2022-43121

The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

PYSEC-2022-43112

The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

PYSEC-2022-43114

The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

PyPA•added 2022/09/19 4:15 p.m.•9 views

PYSEC-2022-43119

The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

PYSEC-2022-43078

The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

PYSEC-2022-43116

The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

PYSEC-2022-43087

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...

PYSEC-2022-43101

PYSEC-2022-43120

PYSEC-2022-43111

The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

PYSEC-2022-43124

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

PYSEC-2022-43122

The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

PyPA•added 2022/09/19 4:15 p.m.•5 views

PYSEC-2022-43092

PyPA•added 2022/09/19 4:15 p.m.•9 views

PYSEC-2022-43076

PYSEC-2022-43079

PYSEC-2022-43125

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0...

PYSEC-2022-43083

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0...

PyPA•added 2022/09/19 4:15 p.m.•9 views

PYSEC-2022-43074

PYSEC-2022-43123

The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...