Security Vulnerabilities - CVEs Published In September 2022
The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-09-19
The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-09-19
The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-09-19
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-09-19
An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-09-19
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-09-19
An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-09-19
The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0
CVSS Score
9.8
EPSS Score
0.002
Published
2022-09-19
The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0
CVSS Score
9.8
EPSS Score
0.002
Published
2022-09-19
The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-09-19