Lucene search
K

78 matches found

OSV
OSV
added 2026/06/12 12:25 p.m.15 views

OESA-2026-2631 python-pip security update

%changelog Sat Jul 13 2024 yangyuan [email protected] - 23.3.1-2 - Fix CVE-2023-45803 and CVE-2024-37891 Security Fixes: A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel...

8CVSS5.8AI score0.0032EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49762

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a deni...

5.1CVSS5.9AI score0.00152EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.11 views

SUSE CVE-2026-49762

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...

5.1CVSS5.5AI score0.00152EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 2:16 p.m.28 views

CVE-2026-49762

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...

5.1CVSS0.00152EPSS
Exploits0References4
OSV
OSV
added 2026/06/09 2:16 p.m.7 views

UBUNTU-CVE-2026-49762

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...

5.1CVSS5.4AI score0.00152EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/09 2:4 p.m.37 views

CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...

5.1CVSS0.00152EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/09 2:4 p.m.14 views

EUVD-2026-35439

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...

5.1CVSS5.5AI score0.00152EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/09 2:4 p.m.10 views

CVE-2026-49762

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...

5.1CVSS5.5AI score0.00152EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/01 6:31 p.m.5 views

pip: Path traversal in console_scripts/gui_scripts entry point names allows installing scripts outside of target directory

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

8CVSS7.1AI score0.0032EPSS
Exploits0References36Affected Software1
NVD
NVD
added 2026/06/01 5:17 p.m.13 views

CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

8CVSS0.0032EPSS
Exploits0References33
OSV
OSV
added 2026/06/01 5:17 p.m.13 views

PYSEC-2026-196

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

5.5CVSS5.4AI score0.0032EPSS
Exploits0References4
PyPA
PyPA
added 2026/06/01 5:17 p.m.67 views

PYSEC-2026-196

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

8CVSS5.4AI score0.0032EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2026/06/01 5:17 p.m.13 views

PYSEC-0000-CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

5.5CVSS5.5AI score0.0032EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/01 3:1 p.m.1 views

CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

4.1CVSS7.1AI score0.0032EPSS
Exploits0References37
Vulnrichment
Vulnrichment
added 2026/06/01 3:1 p.m.11 views

CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

4.1CVSS5.8AI score0.0032EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:1 p.m.11 views

CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

8CVSS5.8AI score0.0032EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/01 3:1 p.m.13 views

EUVD-2026-33682

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

4.1CVSS5.8AI score0.0032EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 3:1 p.m.97 views

CVE-2026-8643

CVE-2026-8643 affects pip: a flaw in how entry-point names in wheel files are handled can cause path traversal and arbitrary file overwrite during wheel installation. Exploitation can overwrite files outside the installation directory. Reports from SUSE, AWS Amazon Linux advisories, and Red Hat r...

8CVSS5.8AI score0.0032EPSS
Exploits0References33Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-45480

Name of the Vulnerable Software and Affected Versions pip affected versions not specified Description pip fails to sanitize the resolved absolute path to the installation directory when treating console scripts and gui scripts as paths rather than file names. This allows entry points to be...

8CVSS5.8AI score0.0032EPSS
Exploits0References83
Snyk
Snyk
added 2026/05/27 5:3 p.m.13 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the wheel installation process. An attacker can overwrite arbitrary files within the installing user's permissions by convincing a user to install a specially crafted Python wheel containing malicious entry-point...

8.5CVSS6.3AI score0.0032EPSS
Exploits0References2
Rows per page
Query Builder