CVE-2026-23949 vulnerabilities

Vulnerabilities for packages: py3-setuptools, open-webui, datadog-agent, mlflow, semgrep, superset, pypy-3.11, dask-kubernetes, emissary, tensorflow-cpu-jupyter, kubeflow-jupyter-web-app, airflow, kubeflow-katib, py3-cassandra-medusa, kserve, pypy-3.10...

CVE-2026-23949 vulnerabilities

Vulnerabilities for packages: ansible-operator, spamcheck, label-studio, text-generation-inference, authentik, datadog-agent-fips, emissary, tensorflow-gpu-jupyter, tensorflow-cpu-jupyter, ansible-operator-fips, kserve, superset, localstack, datadog-agent, pgadmin4, kubeflow-jupyter-web-app,...

GHSA-8RRH-RW8J-W5FX Wheel Affected by Arbitrary File Permission Modification via Path Traversal in wheel unpack

Summary - Vulnerability Type: Path Traversal CWE-22 leading to Arbitrary File Permission Modification. - Root Cause Component: wheel.cli.unpack.unpack function. - Affected Packages: 1. wheel Upstream source 2. setuptools Downstream, vendors wheel - Severity: High Allows modifying system file...

Wheel Affected by Arbitrary File Permission Modification via Path Traversal in wheel unpack

Summary - Vulnerability Type: Path Traversal CWE-22 leading to Arbitrary File Permission Modification. - Root Cause Component: wheel.cli.unpack.unpack function. - Affected Packages: 1. wheel Upstream source 2. setuptools Downstream, vendors wheel - Severity: High Allows modifying system file...

GHSA-58PV-8J8X-9VJ2 vulnerabilities

Vulnerabilities for packages: py3-setuptools, open-webui, datadog-agent, mlflow, semgrep, superset, pypy-3.11, dask-kubernetes, emissary, tensorflow-cpu-jupyter, kubeflow-jupyter-web-app, airflow, kubeflow-katib, py3-cassandra-medusa, kserve, pypy-3.10...

GHSA-58PV-8J8X-9VJ2 vulnerabilities

Vulnerabilities for packages: ansible-operator, spamcheck, label-studio, text-generation-inference, authentik, datadog-agent-fips, emissary, tensorflow-gpu-jupyter, tensorflow-cpu-jupyter, ansible-operator-fips, kserve, superset, localstack, datadog-agent, pgadmin4, kubeflow-jupyter-web-app,...

Security Bulletin: Vulnerabilities in setuptools affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in setuptools has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION:...

MiracleLinux 8 : python27:2.7 (AXSA:2024-8406:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8406:01 advisory. pypa-setuptools: Regular Expression Denial of Service ReDoS in packageindex.py CVE-2022-40897 python: use after free in heappushpop of heapq module...

MiracleLinux 9 : python3.11-setuptools-65.5.1-2.el9_4.1 (AXSA:2024-8653:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8653:01 advisory. pypa/setuptools: Remote code execution via download functions in the packageindex module in pypa/setuptools CVE-2024-6345 Tenable has extracted the preceding...

MiracleLinux 8 : resource-agents-4.9.0-54.el8_10.4 (AXSA:2024-8815:06)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8815:06 advisory. urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 pypa/setuptools: Remote code execution via...

MiracleLinux 8 : python-setuptools-39.2.0-8.el8_10 (AXSA:2024-8683:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8683:01 advisory. pypa/setuptools: Remote code execution via download functions in the packageindex module in pypa/setuptools CVE-2024-6345 Tenable has extracted the preceding...

MiracleLinux 9 : python-setuptools-53.0.0-10.el9.1 (AXSA:2023-5193:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5193:02 advisory. pypa-setuptools: Regular Expression Denial of Service ReDoS in packageindex.py CVE-2022-40897 Tenable has extracted the preceding description block directly...

MiracleLinux 9 : fence-agents-4.10.0-62.el9_4.5 (AXSA:2024-8822:11)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8822:11 advisory. pypa/setuptools: Remote code execution via download functions in the packageindex module in pypa/setuptools CVE-2024-6345 Tenable has extracted the preceding...

MiracleLinux 8 : python3.12-setuptools-68.2.2-4.el8_10 (AXSA:2024-8682:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8682:01 advisory. pypa/setuptools: Remote code execution via download functions in the packageindex module in pypa/setuptools CVE-2024-6345 Tenable has extracted the preceding...

MiracleLinux 7 : python-setuptools-0.9.8-7.0.1.el7.AXS7 (AXSA:2024-9025:03)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9025:03 advisory. CVE-2024-6345: modernize packageindex VCS handling CVEs: CVE-2024-6345 A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1...

MiracleLinux 8 : fence-agents-4.2.1-129.el8_10.4 (AXSA:2024-8788:10)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8788:10 advisory. urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 pypa/setuptools: Remote code execution via...

MiracleLinux 8 : python39:3.9 and python39-devel:3.9 (AXSA:2024-8745:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8745:01 advisory. python: incorrect IPv4 and IPv6 private ranges CVE-2024-4032 pypa/setuptools: Remote code execution via download functions in the packageindex modul...

MiracleLinux 9 : python-setuptools-53.0.0-12.el9_4.1 (AXSA:2024-8685:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8685:02 advisory. pypa/setuptools: Remote code execution via download functions in the packageindex module in pypa/setuptools CVE-2024-6345 Tenable has extracted the preceding...

MiracleLinux 8 : python39:3.9 and python39-devel:3.9 (AXSA:2024-8429:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8429:01 advisory. pypa-setuptools: Regular Expression Denial of Service ReDoS in packageindex.py CVE-2022-40897 python-cryptography: memory corruption via immutable...

MiracleLinux 9 : python3.12-setuptools-68.2.2-3.el9_4.1 (AXSA:2024-8684:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8684:02 advisory. pypa/setuptools: Remote code execution via download functions in the packageindex module in pypa/setuptools CVE-2024-6345 Tenable has extracted the preceding...