Filtered by vendor Pypi
Subscribe
Total
16 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34500 | 1 Pypi | 1 Pypi | 2024-02-28 | N/A | 9.8 CRITICAL |
The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party. | |||||
CVE-2022-34501 | 1 Pypi | 1 Pypi | 2024-02-28 | N/A | 9.8 CRITICAL |
The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party. | |||||
CVE-2022-34055 | 1 Pypi | 1 Drxhello | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
CVE-2022-33003 | 1 Pypi | 1 Watools | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
CVE-2022-34056 | 1 Pypi | 1 Watertools | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
CVE-2022-32996 | 1 Pypi | 1 Django-navbar-client | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
CVE-2022-33004 | 1 Pypi | 1 Beginner | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
CVE-2022-32997 | 1 Pypi | 1 Rootinteractive | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
CVE-2022-33000 | 1 Pypi | 1 Ml-scanner | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
CVE-2022-34053 | 1 Pypi | 1 Dr-web-engine | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
CVE-2022-33001 | 1 Pypi | 1 Aamiles | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
CVE-2022-32998 | 1 Pypi | 1 Cryptoasset-data-downloader | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
CVE-2022-32999 | 1 Pypi | 1 Cloudlabeling | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
CVE-2022-33002 | 1 Pypi | 1 Explore | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
CVE-2022-34054 | 1 Pypi | 1 Perdido | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
CVE-2020-15904 | 1 Pypi | 1 Bsdiff4 | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file. |