Lucene search
K

103 matches found

Tenable Nessus
Tenable Nessus
added 2025/04/13 12:0 a.m.8 views

CBL Mariner 2.0 Security Update: python-setuptools / python3 (CVE-2024-6345)

The version of python-setuptools / python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6345 advisory. - A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allo...

8.8CVSS7.6AI score0.01939EPSS
Exploits0References2
Rosalinux
Rosalinux
added 2025/03/08 9:24 p.m.9 views

Advisory ROSA-SA-2025-2771

Software: python-setuptools 39.2.0 OS: ROSA Virtualization 3.0 packageevrstring: python-setuptools-39.2.0-8.0.1.rv30 CVE-ID: CVE-2024-6345 BDU-ID: 2024-05843 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the packageindex module of the setuptools project packaging simplification library is...

8.8CVSS9.3AI score0.01939EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2025/02/03 9:0 a.m.11 views

Security update for SUSE Manager Client Tools and Salt Bundle

This update for SUSE Manager Client Tools and Salt Bundle the following issues: uyuni-tools: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent...

7.5CVSS7.8AI score0.02303EPSS
Exploits3References62
AstraLinux
AstraLinux
added 2024/11/23 3:4 a.m.5 views

Astra Linux – Vulnerability in setuptools

A vulnerability exists in the packageindex module of pypa/setuptools versions up to 69.1.1, allowing for remote code execution through its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are vulnerable t...

8.8CVSS7.6AI score0.01939EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2024/11/18 1:29 p.m.9 views

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

7.5CVSS7.8AI score0.02303EPSS
Exploits3References62
Tenable Nessus
Tenable Nessus
added 2024/11/04 12:0 a.m.9 views

EulerOS 2.0 SP12 : python-setuptools (EulerOS-SA-2024-2803)

According to the versions of the python-setuptools package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download...

8.8CVSS7.7AI score0.01939EPSS
Exploits0References2
Amazon
Amazon
added 2024/10/31 12:0 a.m.6 views

Important: python3.11-setuptools

Issue Overview: A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptibl...

8.8CVSS8.8AI score0.01939EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/10/16 12:6 p.m.4 views

pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

A flaw was found in the packageindex module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to co...

8.8CVSS8.1AI score0.01939EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/09/12 6:34 p.m.7 views

pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

A flaw was found in the packageindex module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to co...

8.8CVSS8.1AI score0.01939EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2024/09/12 11:7 a.m.248 views

USN-7002-1: Setuptools vulnerability

It was discovered that setuptools was vulnerable to remote code execution. An attacker could possibly use this issue to execute arbitrary code...

8.8CVSS7AI score0.01939EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/09/03 12:48 p.m.7 views

pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

A flaw was found in the packageindex module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to co...

8.8CVSS8.1AI score0.01939EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/08/06 3:24 p.m.3 views

pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

A flaw was found in the packageindex module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to co...

8.8CVSS8.1AI score0.01939EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2024/07/15 3:30 a.m.6 views

aaiopay (>=0.2.1 <=0.2.2), abc-xml-converter (>=1.0.0 <=1.0.1) +2842 more potentially affected by CVE-2024-6345 via setuptools (>=15.2.0 <=69.5.1)

setuptools PYPI version =15.2.0, =0.2.1, =1.0.0, =0.0.1, =0.1.18, =0.0.1, =0.1.0, =0.2.6, =1.6.0, =0.0.3, =0.1.1, =0.1.2 and more Source cves: CVE-2024-6345 Source advisory: OSV:GHSA-CX63-2MW6-8HW5...

8.8CVSS6.7AI score0.01939EPSS
Exploits0
OSV
OSV
added 2024/07/15 1:15 a.m.7 views

AZL-43329 CVE-2024-6345 affecting package python-setuptools for versions less than 69.0.3-4

A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...

8.8CVSS7.7AI score0.01939EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/15 12:0 a.m.3 views

setuptools Code Injection Vulnerability

setuptools is a Python library open-sourced by PyPI. A code injection vulnerability exists in setuptools version 69.1.1 and earlier, which stems from allowing remote code execution via the download function and is vulnerable to code injection attacks...

8.8CVSS7.7AI score0.01939EPSS
Exploits0References6
Amazon
Amazon
added 2023/09/25 12:0 a.m.4 views

Medium: python38-setuptools

Issue Overview: Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service ReDoS in packageindex.py. CVE-2022-40897 Affected Packages:...

5.9CVSS6.8AI score0.02617EPSS
Exploits1
Amazon
Amazon
added 2023/07/19 12:0 a.m.5 views

Medium: python-setuptools

Issue Overview: Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service ReDoS in packageindex.py. CVE-2022-40897 Affected Packages:...

5.9CVSS7.2AI score0.02617EPSS
Exploits1
OSV
OSV
added 2022/12/23 12:30 a.m.4 views

GHSA-R9HX-VWMV-Q579 pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)

Python Packaging Authority PyPA's setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerabl...

8.7CVSS6.8AI score0.02617EPSS
Exploits1References17
vulnersOsv
vulnersOsv
added 2022/12/23 12:30 a.m.6 views

abn-amro-assessment-2024 (>=0.0.1 <=0.0.5), abn-amro-test (=0.0.1) +1520 more potentially affected by CVE-2022-40897 via setuptools (>=15.2.0 <=65.5.0)

setuptools PYPI version =15.2.0, =0.0.1, =0.1.18, =0.0.1, =0.1.0, =0.2.6, =1.6.0, =0.0.3, =1.1.6, =1.0.1, =0.0.1, =0.0.50, =0.0.6, =0.1.0, =0.1.9 and more Source cves: CVE-2022-40897 Source advisory: OSV:GHSA-R9HX-VWMV-Q579...

5.9CVSS6.7AI score0.02617EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/12/23 12:15 a.m.2 views

abn-amro-assessment-2024 (>=0.0.1 <=0.0.5), abn-amro-test (=0.0.1) +1520 more potentially affected by CVE-2022-40897 via setuptools (>=15.2.0 <=65.5.0)

setuptools PYPI version =15.2.0, =0.0.1, =0.1.18, =0.0.1, =0.1.0, =0.2.6, =1.6.0, =0.0.3, =1.1.6, =1.0.1, =0.0.1, =0.0.50, =0.0.6, =0.1.0, =0.1.9 and more Source cves: CVE-2022-40897 Source advisory: OSV:PYSEC-2022-43012...

5.9CVSS6.7AI score0.02617EPSS
Exploits1
Rows per page
Query Builder