31 matches found

CNNVD
added 2026/01/22 12:0 a.m., 1 views

Wheel security vulnerabilities

“wheel” is a command-line tool open-sourced by Python Packaging Authority. Versions of “wheel” prior to 0.46.1 contain security vulnerabilities. These vulnerabilities stem from the error handling of file permissions by the decompression function after extracting files, which may lead to privilege...

CVSS: 7.1, AI score: 7, EPSS: 0.00015
Exploits: 2, References: 5
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-0364

Malicious code in bioql PyPI...

CVSS: 7.5, AI score: 7, EPSS: 0.00184
Exploits: 1, References: 9
IBM Security Bulletins
added 2025/04/15 2:42 a.m., 45 views

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.0.8. Vulnerability Details CVEID:CVE-2024-31883 DESCRIPTION: IBM Security Verify Access, under certain configurations, could allow an unauthenticated...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00622
Exploits: 3, Affected Software: 1
Tenable Nessus
added 2025/03/05 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-40898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled inp...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00184
Exploits: 1, References: 3
Tenable Nessus
added 2024/10/07 12:0 a.m., 33 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.10)

The version of AOS installed on the remote host is prior to 6.10. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.10 advisory. - squashfsopendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. ...

CVSS: 8.8, AI score: 7.4, EPSS: 0.43701
Exploits: 14, References: 33
Tenable Nessus
added 2024/09/06 12:0 a.m., 50 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8.1.5)

The version of AOS installed on the remote host is prior to 6.8.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8.1.5 advisory. - squashfsopendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than...

CVSS: 8.8, AI score: 7.3, EPSS: 0.43701
Exploits: 14, References: 32
IBM Security Bulletins
added 2024/03/08 4:54 p.m., 39 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a local authenticated attacker (CVE-2023-5752)

Summary There is a vulnerability in Python Packaging Authority pip used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: Python Packaging Authority...

CVSS: 5.5, AI score: 4.6, EPSS: 0.00075
Exploits: 0, Affected Software: 1
OSV
added 2024/03/06 11:4 a.m., 18 views

BIT-SETUPTOOLS-2022-40897

Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service ReDoS in packageindex.py...

CVSS: 5.9, AI score: 6.1, EPSS: 0.00513
Exploits: 1, References: 11
Tenable Nessus
added 2024/02/29 12:0 a.m., 37 views

CentOS 9 : python-setuptools-53.0.0-12.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the python-setuptools-53.0.0-12.el9 build changelog. - Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted...

CVSS: 5.9, AI score: 7, EPSS: 0.00513
Exploits: 1, References: 2
IBM Security Bulletins
added 2024/01/31 10:40 p.m., 20 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Python Packaging Authority pip

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Python Packaging Authority pip. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: Python Packaging Authority pip could allow a local authenticated attacker to bypass security restrictions, caus...

CVSS: 5.5, AI score: 4.7, EPSS: 0.00075
Exploits: 0, Affected Software: 1
Amazon
added 2023/12/04 12:0 a.m., 2 views

Medium: python-wheel

Issue Overview: An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. CVE-2022-40898 Affected Packages: python-wheel Note: This advisory is applicable to Amazon Linux 2 AL2...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00184
Exploits: 1
Tenable Nessus
added 2023/11/16 12:0 a.m., 34 views

Oracle Linux 9 : python-wheel (ELSA-2023-6712)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6712 advisory. - Security fix for CVE-2022-40898 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has n...

CVSS: 7.5, AI score: 7, EPSS: 0.00184
Exploits: 1, References: 2
RedHat Linux
added 2023/11/07 8:47 a.m., 3 views

python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli

An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00184
Exploits: 1, References: 5
IBM Security Bulletins
added 2023/06/20 4:41 a.m., 45 views

Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities

Summary IBM has addressed multiple vulnerabilities in IBM Spectrum Discover. Webpack loader-utils CVE-2022-37601 is vulnerable to execute arbitrary code on the system caused by a pollution flaw in parseQuery function. OpenStack Keystone CVE-2021-3563 is vulnerable to bypass security restriction...

CVSS: 9.8, AI score: 9.6, EPSS: 0.88334
Exploits: 26, Affected Software: 1
Tenable Nessus
added 2023/06/07 12:0 a.m., 9 views

EulerOS Virtualization 2.11.0 : python-setuptools (EulerOS-SA-2023-2111)

According to the versions of the python-setuptools packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML...

CVSS: 5.9, AI score: 7.1, EPSS: 0.00513
Exploits: 1, References: 2
Redos
added 2023/04/28 12:0 a.m., 28 views

ROS-20230428-05

A vulnerability in Python Packaging Authority installation tools is related to insufficient input validation when processing HTML content. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to an application and perform a denial of service...

CVSS: 5.9, AI score: 6.1, EPSS: 0.00513
Exploits: 1
Tenable Nessus
added 2023/04/14 12:0 a.m., 20 views

FreeBSD : py39-setuptools58 -- denial of service vulnerability (24da150a-33e0-4fee-b4ee-2c6b377d3395)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 24da150a-33e0-4fee-b4ee-2c6b377d3395 advisory. - Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of...

CVSS: 5.9, AI score: 7.1, EPSS: 0.00513
Exploits: 1, References: 3
Amazon
added 2023/03/06 12:0 a.m., 29 views

Medium: python2-setuptools

Issue Overview: Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service ReDoS in packageindex.py. CVE-2022-40897 Affected Packages:...

CVSS: 5.9, AI score: 7.2, EPSS: 0.00513
Exploits: 1
RedhatCVE
added 2023/01/31 10:35 a.m., 66 views

CVE-2022-40898

An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00184
Exploits: 1, References: 4
Tenable Nessus
added 2023/01/27 12:0 a.m., 17 views

Ubuntu 16.04 ESM : wheel vulnerability (USN-5821-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5821-2 advisory. USN-5821-1 fixed a vulnerability in wheel. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the preceding description blo...

CVSS: 7.5, AI score: 7, EPSS: 0.00184
Exploits: 1, References: 2