14 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-20225
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private...
CVE-2018-20225 affecting package python-pip 19.2-2
CVE-2018-20225 affecting package python-pip 19.2-2. No patch is available currently...
Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2018-20225, CVE-2019-20916, CVE-2023-43804, CVE-2023-4807)
Summary There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: Pip could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the --extra-index-url option. By...
RHEL 7 : python-pip (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-pip: when --extra-index-url option is used and package does not already exist in the public index,...
K000130545: Python-pip vulnerability CVE-2018-20225
Security Advisory Description DISPUTED An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitati...
Security Bulletin: Pip as used by IBM QRadar Advisor With Watson is vulnerable to multiple vulnerabilities (CVE-2019-20916, CVE-2021-3572, CVE-2018-20225)
Summary Pip as used by IBM QRadar Advisor With Watson to manage python packages is vulnerable to multiple vulnerabilities. IBM QRadar Advisor With Watson has addressed the applicable CVEs by updating pip. Vulnerability Details CVEID: CVE-2019-20916 DESCRIPTION: pypa pip package for python could...
EulerOS Virtualization 2.9.1 : python-pip (EulerOS-SA-2021-1728)
According to the version of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - DISPUTED An issue was discovered in pip all versions because it installs the version with the highest version number, even if th...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2021-1745)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2021-1728)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: WML CE: pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index
Summary DISPUTED An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python. Vulnerability Details CVEID: CVE-2018-20225 DESCRIPTION: Pip could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the --extra-index-url option. By sending a...
CVE-2018-20225
An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not...
CVE-2018-20225
CVE-2018-20225 (pip) — The issue affects pip (all versions) where, when using the --extra-index-url option, pip installs the highest-version package, even if a private package is intended from a private index. The exploit condition requires that the private package does not exist in the public in...
CVE-2018-20225
Removed by vendor...