
107 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 8 : python-pip-9.0.3-18.el8 (AXSA:2020-1044:05)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-1044:05 advisory. python-pip: directory traversal in _download_http_url function in src/pip/_internal/download.py CVE-2019-20916 Tenable has extracted the preceding description...

CVSS 7.5 | AI score 8.2 | EPSS 0.03028
Exploits: 1 | References: 2

IBM Security Bulletins
added 2025/06/27 7:12 a.m. | 6 views

Security Bulletin: Vulnerability in pip package affects IBM Db2 Data Management Console(CVE-2019-20916)

Summary pip dependency package is used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: The pip package before 19.2 for Python allows Directory Traversal when a URL is given in...

CVSS 7.5 | AI score 6.6 | EPSS 0.03028
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/23 4:24 p.m. | 4 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to directory traversal due to the pip package (CVE-2019-20916)

Summary Pip is used by DataStage on Cloud Pak for Data as part of package management. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have...

CVSS 7.5 | AI score 7.5 | EPSS 0.03028
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/04/15 2:42 a.m. | 48 views

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.0.8. Vulnerability Details CVEID:CVE-2024-31883 DESCRIPTION: IBM Security Verify Access, under certain configurations, could allow an unauthenticated...

CVSS 7.5 | AI score 7.6 | EPSS 0.03028
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2025/04/10 10:11 a.m. | 24 views

Security Bulletin: IBM Maximo Application Suite - IoT uses multiple dependencies which is vulnerable to CVEs.

Summary IBM Maximo Application Suite - IoT uses pip-9.0.3.dist-info, urllib3-1.24.2-py3.6.egg-info, setuptools-39.2.0.dist-info which is vulnerable to CVE-2019-20916, CVE-2023-43804, CVE-2024-6345. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Detai...

CVSS 8.8 | AI score 7.6 | EPSS 0.03028
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2019-20916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ i...

CVSS 7.5 | AI score 7.2 | EPSS 0.03028
Exploits: 1 | References: 3

IBM Security Bulletins
added 2025/01/11 3:29 p.m. | 24 views

Security Bulletin: Multiple Security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base image for IBM Robotic Process Automation for Cloud Pak images. Python is included in some container base images for IBM Robotic Process Automation for Cloud Pak. This bulleti...

CVSS 8.8 | AI score 8 | EPSS 0.03028
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2024/09/09 7:8 a.m. | 66 views

Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2018-20225, CVE-2019-20916, CVE-2023-43804, CVE-2023-4807)

Summary There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: Pip could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the --extra-index-url option. By...

CVSS 8.1 | AI score 9.1 | EPSS 0.03028
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/07/18 11:16 a.m. | 37 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 277. Vulnerability Details CVEID:CVE-2023-47038 DESCRIPTION: Perl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the user-defined...

CVSS 7.8 | AI score 8.6 | EPSS 0.03028
Exploits: 4 | Affected Software: 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 26 views

RHEL 7 : python-pip (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-pip: when --extra-index-url option is used and package does not already exist in the public index,...

CVSS 7.8 | AI score 7.5 | EPSS 0.03028
Exploits: 2 | References: 3

Tenable Nessus
added 2023/11/06 12:0 a.m. | 29 views

Rocky Linux 8 : python27:2.7 (RLSA-2020:4654)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4654 advisory. - In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because...

CVSS 7.5 | AI score 7.4 | EPSS 0.06304
Exploits: 1 | References: 5

Tenable Nessus
added 2023/09/07 12:0 a.m. | 27 views

Oracle Linux 8 : python27:2.7 (ELSA-2020-4654)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4654 advisory. - The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can...

CVSS 7.5 | AI score 7.4 | EPSS 0.06304
Exploits: 1 | References: 3

Tenable Nessus
added 2023/04/19 12:0 a.m. | 38 views

Oracle Access Manager Multiple Vulnerabilities (Apr 2023 CPU)

The version of Oracle Access Manager installed on the remote host is missing a security patch from the April 2023 CPU Advisory. It is, therefore, affected by multiple vulnerabilities: - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Third Party Jython. T...

CVSS 7.5 | AI score 7.3 | EPSS 0.03028
Exploits: 2 | References: 4

Tenable Nessus
added 2023/02/25 12:0 a.m. | 39 views

SUSE SLES15 Security Update : python-pip (SUSE-SU-2023:0516-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0516-2 advisory. - The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition...

CVSS 7.5 | AI score 7.4 | EPSS 0.03028
Exploits: 1 | References: 5

Tenable Nessus
added 2023/01/23 12:0 a.m. | 49 views

RHEL 7 : python27 (RHSA-2020:4273)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4273 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 7.5 | AI score 7.5 | EPSS 0.06304
Exploits: 2 | References: 12

IBM Security Bulletins
added 2023/01/12 9:59 p.m. | 59 views

Security Bulletin: A vulnerability in Python affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2019-20916)

Summary A vulnerability in Python affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data CVE-2019-20916. Please see the details below on how to remediate this issue. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip package for python could allow a remote attacker ...

CVSS 7.5 | AI score 7.4 | EPSS 0.03028
Exploits: 1 | Affected Software: 1

CentOS
added 2022/08/02 7:21 p.m. | 1850 views

python security update

CentOS Errata and Security Advisory CESA-2022:5234 An update for python-virtualenv is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 7.5 | AI score 6.8 | EPSS 0.03028
Exploits: 1 | References: 7

Oracle Linux
added 2022/06/29 12:0 a.m. | 53 views

python-virtualenv security update

15.1.0-7 - Security fix for CVE-2019-20916 for the bundled pip wheel Resolves: rhbz1868135...

CVSS 7.5 | AI score 1.1 | EPSS 0.03028
Exploits: 1

Tenable Nessus
added 2022/06/29 12:0 a.m. | 17 views

Oracle Linux 7 : python-virtualenv (ELSA-2022-5234)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-5234 advisory. 15.1.0-7 - Security fix for CVE-2019-20916 for the bundled pip wheel Resolves: rhbz1868135 Tenable has extracted the preceding description block directly from t...

CVSS 7.5 | AI score 7.4 | EPSS 0.03028
Exploits: 1 | References: 2

Tenable Nessus
added 2022/06/29 12:0 a.m. | 18 views

Scientific Linux Security Update : python-virtualenv on SL7.x (noarch) (2022:5234)

The remote Scientific Linux 7 host has a package installed that is affected by a vulnerability as referenced in the SLSA-2022:5234-1 advisory. - python-pip: directory traversal in _download_http_url function in src/pip/_internal/download.py CVE-2019-20916 Note that Nessus has not tested for this issu...

CVSS 7.5 | AI score 7.4 | EPSS 0.03028
Exploits: 1 | References: 2