96 matches found
Astra Linux - vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skb_queue_empty use. The receive queues are protected by their respective spin-locks, not the socket lock. This could lead to skb_peek returning NULL or a pointer to a socket buffer that has already been...
Astra Linux - vulnerability in linux, linux-5.10
The pep_sock_accept function in the net/phonet/pep.c file in the Linux kernel, as of version 5.15.8, has a reference count leak...
Security Bulletin: Symlink Traversal Vulnerability in pip Tar Extraction Fallback on Pre-PEP 706 Python Versions, watsonx.data
Summary: A vulnerability in pip allows improper handling of symbolic links during tar extraction on older Python versions without PEP 706, potentially leading to path traversal outside the intended directory; updating pip and Python mitigates the risk. This can affect watsonx.data. Vulnerability...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2026-1640)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.12.1 : python-pip (EulerOS-SA-2026-1457)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2026-1544)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP11 : python-pip (EulerOS-SA-2026-1618)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP...
EulerOS 2.0 SP13 : python-pip (EulerOS-SA-2026-1226)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP...
[SECURITY] Fedora 42 Update: python-wheel-0.45.1-5.fc42
This is a command line tool for manipulating Python wheel files, as defined in PEP 427. It contains the following functionality: - Convert .egg archives into .whl. - Unpack wheel archives. - Repack wheel archives. - Add or remove tags in existing wheel archives...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005067)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005067 advisory. In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skb_queue_empty use. The receive queues are protected by their respective...
USN-7916-2 python-apt regression
USN-7916-1 fixed a vulnerability in python-apt. The update had a PEP 440 incompatible version. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Julian Andres Klode discovered that python-apt incorrectly handled deb822 configuration files. An attacker...
OESA-2025-2741 python-pip security update
pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. Name: python-pip Version: 20.2.2 Release: 4 Summary: A...
Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2025-1216)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1216 advisory. When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a fixed version for this...
Medium: python-pip
Issue Overview: When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by usin...
EUVD-2019-0130
Malware in sbrugna...
BIT-PIP-2025-8869 Fallback tar extraction in pip doesn't check symbolic links point to extraction directory
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
CVE-2025-8869
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
AZL-67788 CVE-2025-8869 affecting package python-pip for versions less than 24.2-4
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
CVE-2025-8869 Fallback tar extraction in pip doesn't check symbolic links point to extraction directory
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...