958 matches found
CVE-2024-6345
A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
CVE-2024-6345 Remote Code Execution in pypa/setuptools
A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
CVE-2024-6345
CVE-2024-6345 affects the setuptools package_index module in setuptools versions up to 69.1.1, enabling remote code execution through user-controlled package download inputs. The vulnerability stems from download functions that can be fed URLs from users or index servers, allowing arbitrary comma...
setuptools Code Injection Vulnerability
setuptools is a Python library open-sourced by PyPI. A code injection vulnerability exists in setuptools version 69.1.1 and earlier, which stems from allowing remote code execution via the download function and is vulnerable to code injection attacks...
PT-2024-5237
Name of the Vulnerable Software and Affected Versions: pypa/setuptools versions up to 69.1.1 Description: A vulnerability in the package index module of pypa/setuptools allows for remote code execution via its download functions. These functions, which are used to download packages from URLs...
SUSE-SU-2024:2435-1 Security update for python3-setuptools
This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service ReDoS in packageindex.py bsc1206667...
pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py
A flaw was found in Python Setuptools due to a regular expression Denial of Service ReDoS present in packageindex.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page...
Security Bulletin: A vulnerability in setuptools affects Data Replication on Cloud Pak for Data
Summary A vulnerability in the setuptools package has been addressed. Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a specially crafted regular expression, an remote attack...
OPENSUSE-SU-2024:14029-1 python310-setuptools-70.0.0-1.1 on GA media
These are all security issues fixed in the python310-setuptools-70.0.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11272-1 python36-setuptools-57.4.0-1.2 on GA media
These are all security issues fixed in the python36-setuptools-57.4.0-1.2 package on the GA media of openSUSE Tumbleweed...
python39:3.9 and python39-devel:3.9 security update
An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, module.python-cffi,...
RLSA-2024:2985 Moderate: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Rocky Linux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2024:2985)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2985 advisory. pypa-setuptools: Regular Expression Denial of Service ReDoS in packageindex.py CVE-2022-40897 python-cryptography: memory corruption via immutable objec...
RHEL 8 : python-setuptools (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pypa-setuptools: Regular Expression Denial of Service ReDoS in packageindex.py CVE-2022-40897 Note that Nessus has...
Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-3466)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3466 advisory. - Security fixes for CVE-2023-6597 and CVE-2024-0450 Tenable has extracted the preceding description block directly from the Oracle Linux security...
RHEL 8 : python39:3.9 and python39-devel:3.9 (RHSA-2024:2985)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2985 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
RHEL 8 : python27:2.7 (RHSA-2024:2987)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2987 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic...
pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py
A flaw was found in Python Setuptools due to a regular expression Denial of Service ReDoS present in packageindex.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page...
pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py
A flaw was found in Python Setuptools due to a regular expression Denial of Service ReDoS present in packageindex.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page...
Moderate: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...