22 matches found
Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2018-20225, CVE-2025-6985, CVE-2025-54368)
Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intend...
Linux Distros Unpatched Vulnerability : CVE-2025-61774
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyVista provides 3D plotting and mesh analysis through an interface for the Visualization Toolkit VTK. Version 0.46.3 of the PyVista Project is vulnerable to...
CVE-2025-61774
PyVista provides 3D plotting and mesh analysis through an interface for the Visualization Toolkit VTK. Version 0.46.3 of the PyVista Project is vulnerable to remote code execution via dependency confusion. Two pieces of code use--extra-index-url. But when --extra-index-url is used, pip always...
DEBIAN-CVE-2025-61774
PyVista provides 3D plotting and mesh analysis through an interface for the Visualization Toolkit VTK. Version 0.46.3 of the PyVista Project is vulnerable to remote code execution via dependency confusion. Two pieces of code use--extra-index-url. But when --extra-index-url is used, pip always...
CVE-2025-61774
PyVista provides 3D plotting and mesh analysis through an interface for the Visualization Toolkit VTK. Version 0.46.3 of the PyVista Project is vulnerable to remote code execution via dependency confusion. Two pieces of code use--extra-index-url. But when --extra-index-url is used, pip always...
UBUNTU-CVE-2025-61774
PyVista provides 3D plotting and mesh analysis through an interface for the Visualization Toolkit VTK. Version 0.46.3 of the PyVista Project is vulnerable to remote code execution via dependency confusion. Two pieces of code use--extra-index-url. But when --extra-index-url is used, pip always...
CVE-2025-61774
CVE-2025-61774 affects PyVista 0.46.3 and enables remote code execution through dependency confusion using pip --extra-index-url. The description notes that two code paths use --extra-index-url, and pip may fetch a higher-version package from a non-PyPI index if one package listed is not publishe...
CVE-2025-61774
PyVista provides 3D plotting and mesh analysis through an interface for the Visualization Toolkit VTK. Version 0.46.3 of the PyVista Project is vulnerable to remote code execution via dependency confusion. Two pieces of code use--extra-index-url. But when --extra-index-url is used, pip always...
CVE-2025-61774 PyVista has Dependency Confusion Vulnerability in that leads to RCE
PyVista provides 3D plotting and mesh analysis through an interface for the Visualization Toolkit VTK. Version 0.46.3 of the PyVista Project is vulnerable to remote code execution via dependency confusion. Two pieces of code use--extra-index-url. But when --extra-index-url is used, pip always...
EUVD-2025-32591
PyVista provides 3D plotting and mesh analysis through an interface for the Visualization Toolkit VTK. Version 0.46.3 of the PyVista Project is vulnerable to remote code execution via dependency confusion. Two pieces of code use--extra-index-url. But when --extra-index-url is used, pip always...
CVE-2025-61774 PyVista has Dependency Confusion Vulnerability in that leads to RCE
PyVista provides 3D plotting and mesh analysis through an interface for the Visualization Toolkit VTK. Version 0.46.3 of the PyVista Project is vulnerable to remote code execution via dependency confusion. Two pieces of code use--extra-index-url. But when --extra-index-url is used, pip always...
CVE-2025-61774 PyVista has Dependency Confusion Vulnerability in that leads to RCE
PyVista provides 3D plotting and mesh analysis through an interface for the Visualization Toolkit VTK. Version 0.46.3 of the PyVista Project is vulnerable to remote code execution via dependency confusion. Two pieces of code use--extra-index-url. But when --extra-index-url is used, pip always...
PT-2025-40952
Name of the Vulnerable Software and Affected Versions PyVista version 0.46.3 Description PyVista, a software for 3D plotting and mesh analysis using the Visualization Toolkit VTK, is susceptible to remote code execution through a dependency confusion issue. The software’s use of the...
An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely
...
RHEL 8 : python-pip (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-pip: when --extra-index-url option is used and package does not already exist in the public index, the...
SUSE CVE-2018-20225
An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not...
K000130545: Python-pip vulnerability CVE-2018-20225
Security Advisory Description DISPUTED An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitati...
EulerOS Virtualization 2.9.1 : python-pip (EulerOS-SA-2021-1728)
According to the version of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - DISPUTED An issue was discovered in pip all versions because it installs the version with the highest version number, even if th...
CVE-2018-20225
A flaw was found in python-pip. The software installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exi...
CVE-2018-20225
Removed by vendor...