EulerOS Virtualization 2.13.1 : python-pip (EulerOS-SA-2026-1640)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn'...

MiracleLinux 8 : python-pip-9.0.3-18.el8 (AXSA:2020-1044:05)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-1044:05 advisory. python-pip: directory traversal in downloadhttpurl function in src/pip/internal/download.py CVE-2019-20916 Tenable has extracted the preceding description...

EulerOS Virtualization 2.13.0 : python-pip (EulerOS-SA-2025-2616)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2021-3572...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2025-2489)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2025-2510)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2025-1211)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1211 advisory. When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.Note that upgrading pip to a fixed version for this...

NewStart CGSL MAIN 6.06 : python-pip Vulnerability (NS-SA-2025-0244)

The remote NewStart CGSL host, running version MAIN 6.06, has python-pip packages installed that are affected by a vulnerability: - Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary cod...

NewStart CGSL MAIN 6.06 : python-pip Vulnerability (NS-SA-2025-0209)

The remote NewStart CGSL host, running version MAIN 6.06, has python-pip packages installed that are affected by a vulnerability: - pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. CVE-2013-1888 Note that Ness...

aaanalysis (>=0.1.2 <=1.0.0), aadetools (>=0.0.3 <=0.0.5) +538 more potentially affected by CVE-2025-8869 via pip (>=10.0.0b2 <=25.1.1)

pip PYPI version =10.0.0b2, =0.1.2, =0.0.3, =0.5.14, =0.1.1, =2.0.0, =0.2.1, =0.1.2, =0.0.1, =0.1.0, =0.1.10, =0.2.0, =0.68.0, =1.8.15, =1.8.17, =1.8.19 and more Source cves: CVE-2025-8869 Source advisory: SNYK:PYTHON-PIP-13045331...

ROS-20250924-01

The vulnerability of the pip module of the Python programming language is related to the failure to clean data at the control layer. Exploitation of the vulnerability could allow an attacker to change the repository configuration...

Amazon Linux 2 : python-pip (ALAS-2025-2935)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2935 advisory. urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable...

NewStart CGSL MAIN 7.02 : python-pip Vulnerability (NS-SA-2025-0142)

The remote NewStart CGSL host, running version MAIN 7.02, has python-pip packages installed that are affected by a vulnerability: - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary...

EulerOS 2.0 SP10 : python-pip (EulerOS-SA-2025-1788)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...

Alibaba Cloud Linux 3 : 0005: python-pip (ALINUX3-SA-2024:0005)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0005 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2007-4559: Directory traversal vulnerability in...

Alibaba Cloud Linux 3 : 0103: python-pip (ALINUX3-SA-2022:0103)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0103 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2018-18074: The Requests package befor...

Amazon Linux 2 : python38-pip (ALASPYTHON3.8-2025-018)

The version of python38-pip installed on the remote host is prior to 21.0.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2PYTHON3.8-2025-018 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows...

Medium: python-pip

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

Amazon Linux 2 : python-pip (ALAS-2025-2799)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2799 advisory. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as globally reachable or private. This affected the isprivate and isglobal properties of...

PT-2023-36241 · Unknown · Python-Pip

Name of the Vulnerable Software and Affected Versions: python-pip affected versions not specified Description: The issue with python-pip is related to the presence of .exe files in the RPM package, which could cause problems with security scanners. Recommendations: At the moment, there is no...