Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): python
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-28802 |
Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's account, but was supposed to enforce role-based access control within that company's account. Before 2022-08-17, a customer could have resolved this by (in effect) using a separate virtual machine for an application that held credentials - or other secrets - that weren't supposed to be shared among all of its employees. (Multiple accounts would have been needed to operate these independent virtual machines.) Published: September 21, 2022; 4:15:10 PM -0400 |
V3.1: 9.9 CRITICAL V2.0:(not available) |
CVE-2022-40812 |
The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. Published: September 19, 2022; 12:15:12 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-40810 |
The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 Published: September 19, 2022; 12:15:12 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-40809 |
The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 Published: September 19, 2022; 12:15:12 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-40432 |
The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0. Published: September 19, 2022; 12:15:12 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-40431 |
The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. Published: September 19, 2022; 12:15:12 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-40430 |
The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. Published: September 19, 2022; 12:15:12 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-40429 |
The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. Published: September 19, 2022; 12:15:12 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-40428 |
The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. Published: September 19, 2022; 12:15:11 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-40426 |
The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. Published: September 19, 2022; 12:15:11 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-40425 |
The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. Published: September 19, 2022; 12:15:11 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-38887 |
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0. Published: September 19, 2022; 12:15:11 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-38886 |
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. Published: September 19, 2022; 12:15:11 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-38885 |
The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. Published: September 19, 2022; 12:15:11 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-38884 |
The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. Published: September 19, 2022; 12:15:11 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-38883 |
The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. Published: September 19, 2022; 12:15:11 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-38882 |
The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. Published: September 19, 2022; 12:15:11 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-38881 |
The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. Published: September 19, 2022; 12:15:11 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-40811 |
The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. Published: September 19, 2022; 11:15:13 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-40808 |
The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 Published: September 19, 2022; 11:15:13 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |