49 matches found

OSV
added 2026/06/16 9:44 a.m. | 5 views

ROOT-APP-PYPI-CVE-2023-5752 CVE-2023-5752 in rootio-pip - Patched by Root

Root has patched CVE-2023-5752 in the rootio-pip package for Root:PyPI. Multiple fixed versions available...

CVSS 5.5 | AI score 5.4 | EPSS 0.00476
Exploits: 0

OSV
added 2026/06/05 3:48 p.m. | 11 views

OESA-2026-2542 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 20.2.2 Release: 4 Summary: A...

CVSS 8.2 | AI score 6.6 | EPSS 0.00527
Exploits: 0 | References: 3

OSV
added 2026/06/05 3:48 p.m. | 9 views

OESA-2026-2541 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 20.2.2 Release: 4 Summary: A...

CVSS 8.2 | AI score 6.6 | EPSS 0.00527
Exploits: 0 | References: 3

IBM Security Bulletins
added 2025/10/27 1:43 p.m. | 4 views

Security Bulletin: Pip Vulnerability Prior to v23.3 Allows Arbitrary Mercurial Configuration Injection via VCS URLs, which affects IBM watsonx.data

Summary When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and whi...

CVSS 5.5 | AI score 6.5 | EPSS 0.00476
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/07/25 12:0 a.m. | 4 views

NewStart CGSL MAIN 7.02 : python-pip Vulnerability (NS-SA-2025-0142)

The remote NewStart CGSL host, running version MAIN 7.02, has python-pip packages installed that are affected by a vulnerability: - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary...

CVSS 5.5 | AI score 6.8 | EPSS 0.00476
Exploits: 0 | References: 3

Tenable Nessus
added 2025/07/19 12:0 a.m. | 4 views

Azure Linux 3.0 Security Update: python3 (CVE-2023-5752)

The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5752 advisory. - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the...

CVSS 5.5 | AI score 6.8 | EPSS 0.00476
Exploits: 0 | References: 2

Tenable Nessus
added 2025/07/19 12:0 a.m. | 2 views

CBL Mariner 2.0 Security Update: python3 (CVE-2023-5752)

The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5752 advisory. - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the...

CVSS 5.5 | AI score 6.7 | EPSS 0.00476
Exploits: 0 | References: 2

CBLMariner
added 2025/07/18 3:7 p.m. | 3 views

CVE-2023-5752 affecting package python3 for versions less than 3.9.19-14

CVE-2023-5752 affecting package python3 for versions less than 3.9.19-14. A patched version of the package is available...

CVSS 5.5 | AI score 6 | EPSS 0.00476
Exploits: 0

IBM Security Bulletins
added 2025/06/25 8:0 a.m. | 15 views

Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152

Summary IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152. This bulletin contains information regarding the vulnerability and its fixture...

CVSS 8.7 | AI score 8.8 | EPSS 0.02617
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2025/04/15 2:42 a.m. | 48 views

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.0.8. Vulnerability Details CVEID:CVE-2024-31883 DESCRIPTION: IBM Security Verify Access, under certain configurations, could allow an unauthenticated...

CVSS 7.5 | AI score 7.6 | EPSS 0.03028
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2025/03/10 3:34 p.m. | 6 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary configuration injection due to pip:22.3.1

Summary Pip is used by the DataStage on Cloud Pak for Data px-runtime microservice as part of package installation. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial...

CVSS 5.5 | AI score 5.6 | EPSS 0.00476
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2023-5752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the specified Mercurial revision could be used to inject...

CVSS 5.5 | AI score 6.6 | EPSS 0.00476
Exploits: 0 | References: 4

OpenVAS
added 2025/02/13 12:0 a.m. | 5 views

Mageia: Security Advisory (MGASA-2025-0055)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 | AI score 7.1 | EPSS 0.00476
Exploits: 0 | References: 4

OSV
added 2025/02/12 6:37 a.m. | 11 views

MGASA-2025-0055 Updated python-pip packages fix security vulnerability

Mercurial configuration injectable in repo revision when installing via pip. CVE-2023-5752...

CVSS 5.5 | AI score 6 | EPSS 0.00476
Exploits: 0 | References: 3

Mageia
added 2025/02/12 6:37 a.m. | 42 views

Updated python-pip packages fix security vulnerability

Mercurial configuration injectable in repo revision when installing via pip. CVE-2023-5752...

CVSS 5.5 | AI score 6 | EPSS 0.00476
Exploits: 0 | References: 2

Tenable Nessus
added 2025/01/17 12:0 a.m. | 19 views

GLSA-202501-03 : pip: arbitrary configuration injection

The remote host is affected by the vulnerability described in GLSA-202501-03 pip: arbitrary configuration injection Multiple vulnerabilities have been discovered in pip. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...

CVSS 5.5 | AI score 6.9 | EPSS 0.00476
Exploits: 0 | References: 3

Tenable Nessus
added 2024/11/14 12:0 a.m. | 10 views

Fedora 41 : pypy (2024-305522ab38)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-305522ab38 advisory. Automatic update for pypy-7.3.15-3.fc41. Changelog Tue Apr 30 2024 Charalampos Stratakis - 7.3.15-3 - Security fix for CVE-2023-5752 for the bundled pip whee...

CVSS 5.5 | AI score 6.6 | EPSS 0.00476
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/07 12:0 a.m. | 22 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python312-pip (SUSE-SU-2024:3156-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:3156-1 advisory. - CVE-2023-5752: Avoiding injection of arbitrary configuration through Mercurial parameter. bsc1217353...

CVSS 5.5 | AI score 6.9 | EPSS 0.00476
Exploits: 0 | References: 4

OpenVAS
added 2024/09/07 12:0 a.m. | 14 views

openSUSE Security Advisory (SUSE-SU-2024:3156-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 | AI score 6 | EPSS 0.00476
Exploits: 0 | References: 4

CBLMariner
added 2024/08/25 3:13 p.m. | 14 views

CVE-2023-5752 affecting package python3 for versions less than 3.12.3-1

CVE-2023-5752 affecting package python3 for versions less than 3.12.3-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.5 | AI score 6.9 | EPSS 0.00476
Exploits: 0