Lucene search
K

14 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2018-20225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private...

7.8CVSS6.5AI score0.01736EPSS
Exploits0References3
CBLMariner
CBLMariner
added 2025/01/12 9:15 a.m.48 views

CVE-2018-20225 affecting package python-pip 19.2-2

CVE-2018-20225 affecting package python-pip 19.2-2. No patch is available currently...

7.8CVSS9.9AI score0.01736EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/09 7:8 a.m.68 views

Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2018-20225, CVE-2019-20916, CVE-2023-43804, CVE-2023-4807)

Summary There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: Pip could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the --extra-index-url option. By...

8.1CVSS9.1AI score0.03028EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.28 views

RHEL 7 : python-pip (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-pip: when --extra-index-url option is used and package does not already exist in the public index,...

7.8CVSS7.5AI score0.03028EPSS
Exploits2References3
F5 Networks
F5 Networks
added 2023/01/10 8:25 a.m.6 views

K000130545: Python-pip vulnerability CVE-2018-20225

Security Advisory Description DISPUTED An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitati...

7.8CVSS6.9AI score0.01736EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/15 7:7 p.m.57 views

Security Bulletin: Pip as used by IBM QRadar Advisor With Watson is vulnerable to multiple vulnerabilities (CVE-2019-20916, CVE-2021-3572, CVE-2018-20225)

Summary Pip as used by IBM QRadar Advisor With Watson to manage python packages is vulnerable to multiple vulnerabilities. IBM QRadar Advisor With Watson has addressed the applicable CVEs by updating pip. Vulnerability Details CVEID: CVE-2019-20916 DESCRIPTION: pypa pip package for python could...

7.8CVSS1.1AI score0.03028EPSS
Exploits3Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/04/15 12:0 a.m.40 views

EulerOS Virtualization 2.9.1 : python-pip (EulerOS-SA-2021-1728)

According to the version of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - DISPUTED An issue was discovered in pip all versions because it installs the version with the highest version number, even if th...

7.8CVSS6.5AI score0.01736EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/04/13 12:0 a.m.17 views

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2021-1745)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.9AI score0.01736EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/04/13 12:0 a.m.19 views

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2021-1728)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.9AI score0.01736EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/17 4:48 p.m.38 views

Security Bulletin: WML CE: pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index

Summary DISPUTED An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the...

7.8CVSS0.8AI score0.01736EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/19 5:8 a.m.27 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python. Vulnerability Details CVEID: CVE-2018-20225 DESCRIPTION: Pip could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the --extra-index-url option. By sending a...

9.8CVSS2AI score0.04422EPSS
Exploits1Affected Software1
OSV
OSV
added 2020/05/08 6:15 p.m.9 views

CVE-2018-20225

An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not...

7.8CVSS7.4AI score0.01736EPSS
Exploits0References4
CVE
CVE
added 2020/05/08 5:29 p.m.348 views

CVE-2018-20225

CVE-2018-20225 (pip) — The issue affects pip (all versions) where, when using the --extra-index-url option, pip installs the highest-version package, even if a private package is intended from a private index. The exploit condition requires that the private package does not exist in the public in...

7.8CVSS7.5AI score0.01736EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2020/05/08 5:29 p.m.24 views

CVE-2018-20225

Removed by vendor...

7.8CVSS6.3AI score0.01736EPSS
Exploits0
Rows per page
Query Builder