python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)
python: The zipfile module is vulnerable to zip-bombs leading to denial of
service (CVE-2024-0450)
skupper: potential authentication bypass to skupper console via forged cookies (CVE-2024-6535)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

redhat 15

mageia 1

osv 32

nessus 62

openvas 26

debian 2

fedora 2

almalinux 6

rocky 4

oraclelinux 6

slackware 1

redhatcve 3

nvd 3

veracode 3

cve 3

cgr 2

amazon 3

vulnrichment 3

cvelist 3

github 1

ibm 2

wolfi 2

ubuntucve 2

cbl_mariner 4

redos 2

alpinelinux 2

debiancve 2

aix 1

gentoo 1

redhat

(RHSA-2024:4865) Moderate: Red Hat Service Interconnect security update

2024-07-25 10:12:00

(RHSA-2024:4406) Important: python3 security update

2024-07-09 08:31:13

(RHSA-2024:3347) Important: python3 security update

2024-05-23 14:21:45

mageia

Updated python3, python packages fix security vulnerabilities

2024-03-28 06:52:55

osv

Important: python3 security update

2024-06-14 13:59:16

Important: python3.9 security update

2024-07-02 14:11:27

Important: python3 security update

2024-05-23 00:00:00

nessus

Rocky Linux 8 : python3 (RLSA-2024:3347)

2024-06-14 00:00:00

EulerOS 2.0 SP12 : python3 (EulerOS-SA-2024-1861)

2024-06-28 00:00:00

Debian dla-3772 : idle-python3.7 - security update

2024-03-24 00:00:00

openvas

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1822)

2024-06-25 00:00:00

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1861)

2024-07-01 00:00:00

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-2172)

2024-08-20 00:00:00

debian

[SECURITY] [DLA 3772-1] python3.7 security update

2024-03-24 21:51:46

[SECURITY] [DLA 3771-1] python2.7 security update

2024-03-24 21:44:29

fedora

[SECURITY] Fedora 40 Update: python3.6-3.6.15-30.fc40

2024-05-31 01:17:14

[SECURITY] Fedora 39 Update: python3.6-3.6.15-28.fc39

2024-06-01 01:12:49

almalinux

Important: python3.9 security update

2024-06-25 00:00:00

Important: python3 security update

2024-05-23 00:00:00

Important: python3.11 security update

2024-06-24 00:00:00

rocky

python3.9 security update

2024-07-02 14:11:27

python3 security update

2024-06-14 13:59:16

python39:3.9 and python39-devel:3.9 security update

2024-06-14 13:59:30

oraclelinux

python3.9 security update

2024-06-25 00:00:00

python3.11 security update

2024-06-24 00:00:00

python3 security update

2024-05-29 00:00:00

slackware

[slackware-security] python3

2024-03-20 21:14:26

redhatcve

CVE-2024-6535

2024-07-17 02:24:43

CVE-2023-6597

2024-04-22 20:34:25

CVE-2024-0450

2024-04-22 21:04:48

nvd

CVE-2024-6535

2024-07-17 03:15:01

CVE-2023-6597

2024-03-19 16:15:08

CVE-2024-0450

2024-03-19 16:15:09

veracode

Authentication Bypass

2024-07-19 08:48:32

Improper Authorization

2024-03-26 21:20:32

Asymmetric Resource Consumption

2024-03-26 20:39:01

cve

CVE-2023-6597

2024-03-19 16:15:08

CVE-2024-6535

2024-07-17 03:15:01

CVE-2024-0450

2024-03-19 16:15:09

cgr

CVE-2023-6597 vulnerabilities

2024-05-19 03:07:16

CVE-2024-0450 vulnerabilities

2024-05-19 03:07:16

amazon

Important: python3

2024-05-09 19:16:00

Important: python38

2024-05-09 17:43:00

Medium: python3

2024-04-11 01:07:00

vulnrichment

CVE-2024-6535 Skupper: potential authentication bypass to skupper console via forged cookies

2024-07-17 02:25:25

CVE-2023-6597

2024-03-19 15:44:28

CVE-2024-0450 Quoted zip-bomb protection for zipfile

2024-03-19 15:12:07

cvelist

CVE-2024-6535 Skupper: potential authentication bypass to skupper console via forged cookies

2024-07-17 02:25:25

CVE-2023-6597

2024-03-19 15:44:28

CVE-2024-0450 Quoted zip-bomb protection for zipfile

2024-03-19 15:12:07

github

Skupper uses a static cookie secret for the openshift oauth-proxy

2024-07-17 03:31:38

ibm

Security Bulletin: Vulnerability in Python affects watsonx.data

2024-09-05 17:56:06

Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)

2024-06-24 22:05:20

wolfi

CVE-2023-6597 vulnerabilities

2024-09-19 09:11:50

CVE-2024-0450 vulnerabilities

2024-09-19 09:11:50

ubuntucve

CVE-2023-6597

2024-03-19 00:00:00

CVE-2024-0450

2024-03-19 00:00:00

cbl_mariner

CVE-2023-6597 affecting package python3 for versions less than 3.9.19-1

2024-03-29 17:23:41

CVE-2024-0450 affecting package python3 for versions less than 3.9.19-1

2024-03-29 17:23:41

CVE-2023-6597 affecting package python3 for versions less than 3.12.3-1

2024-08-25 15:13:42

redos

ROS-20240709-02

2024-07-09 00:00:00

ROS-20240820-03

2024-08-20 00:00:00

alpinelinux

CVE-2023-6597

2024-03-19 16:15:08

CVE-2024-0450

2024-03-19 16:15:09

debiancve

CVE-2024-0450

2024-03-19 16:15:09

CVE-2023-6597

2024-03-19 16:15:08

aix

AIX is affected by a denial of service due to Python (CVE-2024-0450)

2024-06-24 15:07:51

gentoo

Python, PyPy3: Multiple Vulnerabilities

2024-05-04 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

8.2

Confidence

High

JSON

Related for RHSA-2024:4871