Lucene search
K

21 matches found

RedHat Linux
RedHat Linux
added last week8 views

Important: Red Hat Security Advisory: python3.14-pip security update

An update for python3.14-pip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8CVSS7.3AI score0.0032EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added last week6 views

python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...

8CVSS7.4AI score0.0032EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/21 9:16 a.m.11 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python-pip: python-pip-wheel-26.1.1-3.hum1 noarch python3-pip-26.1.1-3.hum1 noarch python-pip-26.1.1-3.hum1.src src...

4.6CVSS6.2AI score0.00144EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.10 views

Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1666)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1666 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such...

5.3CVSS6.3AI score0.00144EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/17 12:0 a.m.9 views

Fedora 44 : pypy (2026-130f7539d3)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-130f7539d3 advisory. Security fix for CVE-2026-3219 in the bundled pip wheel Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...

4.6CVSS5.8AI score0.00144EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.10 views

Fedora 43 : pypy (2026-3505a95524)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3505a95524 advisory. Security fix for CVE-2026-3219 in the bundled pip wheel Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...

4.6CVSS5.8AI score0.00144EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.17 views

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1689)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1689 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.9 views

Fedora 45 : pypy (2026-b58cd376d6)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b58cd376d6 advisory. Automatic update for pypy-7.3.22-2.fc45. Changelog Tue May 5 2026 Charalampos Stratakis - 7.3.22-2 - Security fix for CVE-2026-3219 in the bundled pip wheel ...

4.6CVSS5.8AI score0.00144EPSS
Exploits0References2
Chainguard
Chainguard
added 2026/04/27 7:18 a.m.7 views

CVE-2026-3219 vulnerabilities

Vulnerabilities for packages: azureml-inference-server-http, localstack, pypy-3.11, pypy-3.10, py3-virtualenv, tensorflow-cpu-jupyter, nemo, tensorflow-gpu-jupyter, ansible-operator, py3-hashin, datadog-agent-fips, py3-pip-wheel-bootstrap, datadog-agent, request-1276, azure-functions-host, graalv...

4.6CVSS6.5AI score0.00144EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/27 7:18 a.m.6 views

GHSA-58QW-9MGM-455V vulnerabilities

Vulnerabilities for packages: azureml-inference-server-http, localstack, pypy-3.11, pypy-3.10, py3-virtualenv, tensorflow-cpu-jupyter, nemo, tensorflow-gpu-jupyter, ansible-operator, py3-hashin, datadog-agent-fips, py3-pip-wheel-bootstrap, datadog-agent, request-1276, azure-functions-host, graalv...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/04/27 1:48 a.m.22 views

CVE-2026-3219 vulnerabilities

Vulnerabilities for packages: pypy-3.11, kubeflow-katib, py3-cassandra-medusa, py3-pip, py3.14-virtualenv, pypy-3.10, py3-pip-wheel-bootstrap, tensorflow-cpu-jupyter, datadog-agent, py3-virtualenv...

4.6CVSS6.5AI score0.00144EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.5 views

Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1490)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1490 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation...

2CVSS5.9AI score0.0039EPSS
Exploits1References4
OSV
OSV
added 2026/02/02 3:16 p.m.5 views

AZL-76499 CVE-2026-1703 affecting package python3 3.9.19-19

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

2CVSS5.7AI score0.0039EPSS
Exploits1References1
OSV
OSV
added 2026/02/02 3:16 p.m.7 views

AZL-76593 CVE-2026-1703 affecting package python-pip 24.2-5

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

2CVSS5.7AI score0.0039EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/02/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-1703

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is...

2CVSS5.8AI score0.0039EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:15 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.12-pip python3.12-pip-wheel urllib3

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.12-pip python3.12-pip-wheel urllib3 Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is...

6.1CVSS6.2AI score0.00409EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/10/14 12:0 a.m.7 views

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2024-729)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-729 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/10/14 12:0 a.m.18 views

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2024-730)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-730 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/08/04 12:0 a.m.10 views

SUSE SLES15 Security Update : python-pip (SUSE-SU-2023:3184-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2023:3184-1 advisory. - Removed .exe files from the RPM package, to prevent issues with security scanners bsc1212015. Tenable has extracted the preceding description block...

5.9AI score
Exploits0References2
Oracle linux
Oracle linux
added 2022/06/29 12:0 a.m.58 views

python-virtualenv security update

15.1.0-7 - Security fix for CVE-2019-20916 for the bundled pip wheel Resolves: rhbz1868135...

7.5CVSS1.1AI score0.03028EPSS
Exploits1
Rows per page
Query Builder