Lucene search
K

12 matches found

OSV
OSV
added 2026/06/26 2:5 p.m.2 views

SUSE-SU-2026:2664-1 Security update for python, python-base, python-doc

This update for python, python-base, python-doc fixes the following issues Security fixes: - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599. - CVE-2026-3219: pip doesn't reject concatenated ZIP...

9.1CVSS7.4AI score0.00579EPSS
Exploits2References16
OSV
OSV
added 2026/06/08 2:58 p.m.8 views

CLEANSTART-2026-NN42198 Security fixes for CVE-2024-35195, CVE-2024-47081, CVE-2025-8869, CVE-2026-1703, CVE-2026-25645, CVE-2026-3219, CVE-2026-44431, CVE-2026-44432, CVE-2026-45409, CVE-2026-48710, CVE-2026-6357, ghsa-58qw-9mgm-455v, ghsa-65pc-fj4g-8rjx, ghsa-jp4c-xjxw-mgf9, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc applied in versions: 1.25.2-r0, 2.2.3-r0, 2.2.3-r1

Multiple security vulnerabilities affect the k8s-sidecar package. These issues are resolved in later releases. See references for individual vulnerability details...

8.9CVSS6.5AI score0.01438EPSS
Exploits4References28
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.11 views

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1665)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1665 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such...

5.3CVSS6.3AI score0.00144EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.10 views

Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1666)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1666 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such...

5.3CVSS6.3AI score0.00144EPSS
Exploits0References6
OSV
OSV
added 2026/05/18 12:58 p.m.7 views

CLEANSTART-2026-QK55639 Security fixes for CVE-2026-44431, CVE-2026-44432, CVE-2026-6357, ghsa-gc5v-m9x4-r6x2, ghsa-jp4c-xjxw-mgf9, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc applied in versions: 26.1.0.0-r1

Multiple security vulnerabilities affect the miniforge3 package. These issues are resolved in later releases. See references for individual vulnerability details...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References11
OSV
OSV
added 2026/05/18 12:58 p.m.12 views

CLEANSTART-2026-HZ86045 Security fixes for CVE-2026-44431, CVE-2026-44432, CVE-2026-6357, ghsa-jp4c-xjxw-mgf9, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc applied in versions: 26.1.1.0-r0

Multiple security vulnerabilities affect the miniforge3 package. These issues are resolved in later releases. See references for individual vulnerability details...

8.9CVSS6.3AI score0.0068EPSS
Exploits0References10
Amazon
Amazon
added 2026/05/15 12:0 a.m.13 views

Important: python-pip

Issue Overview: pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update...

5.3CVSS5.8AI score0.00138EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-6357

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These...

5.3CVSS6.3AI score0.00138EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/04/27 3:30 p.m.6 views

aaanalysis (>=0.1.2 <=1.0.2), aadetools (>=0.0.3 <=0.0.5) +582 more potentially affected by CVE-2026-6357 via pip (>=10.0.0b2 <=26.0.1)

pip PYPI version =10.0.0b2, =0.1.2, =0.0.3, =0.5.14, =0.1.1, =2.0.0, =0.2.1, =0.1.2, =0.0.1, =0.1.0, =0.1.10, =0.2.0, =0.68.0, =1.8.15, =1.8.17, =1.8.19 and more Source cves: CVE-2026-6357 Source advisory: OSV:GHSA-JP4C-XJXW-MGF9...

5.3CVSS6.2AI score0.00138EPSS
Exploits0
OSV
OSV
added 2026/04/27 3:16 p.m.3 views

UBUNTU-CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/27 2:19 p.m.5 views

CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.3AI score0.00138EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/27 2:19 p.m.3 views

CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.3AI score0.00138EPSS
Exploits0References3
Rows per page
Query Builder