Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): python
  • Search Type: Search All
There are 794 matching records.
Displaying matches 221 through 240.
Vuln ID Summary CVSS Severity
CVE-2022-28802

Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's account, but was supposed to enforce role-based access control within that company's account. Before 2022-08-17, a customer could have resolved this by (in effect) using a separate virtual machine for an application that held credentials - or other secrets - that weren't supposed to be shared among all of its employees. (Multiple accounts would have been needed to operate these independent virtual machines.)

Published: September 21, 2022; 4:15:10 PM -0400
V3.1: 9.9 CRITICAL
V2.0:(not available)
CVE-2022-40812

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:12 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-40810

The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:12 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-40809

The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:12 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-40432

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:12 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-40431

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:12 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-40430

The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:12 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-40429

The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:12 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-40428

The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-40426

The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-40425

The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-38887

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-38886

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-38885

The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-38884

The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-38883

The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-38882

The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-38881

The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

Published: September 19, 2022; 12:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-40811

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.

Published: September 19, 2022; 11:15:13 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-40808

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.

Published: September 19, 2022; 11:15:13 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)