Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2023-48056

Disclosure Date: November 16, 2023 (last updated November 23, 2023)
PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-34501

Disclosure Date: July 22, 2022 (last updated October 07, 2023)
The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-34500

Disclosure Date: July 22, 2022 (last updated October 07, 2023)
The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-28470

Disclosure Date: May 08, 2022 (last updated October 07, 2023)
marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-6802

Disclosure Date: January 25, 2019 (last updated November 27, 2024)
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.
0
0