625 matches found
EulerOS Virtualization 2.9.1 : python-pip (EulerOS-SA-2024-1046)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide an...
EulerOS 2.0 SP10 : python-pip (EulerOS-SA-2023-2797)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirect...
EulerOS Virtualization 3.0.6.0 : python-pip (EulerOS-SA-2023-3450)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination server...
EulerOS 2.0 SP8 : python-pip (EulerOS-SA-2023-3151)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirect...
EulerOS Virtualization 2.9.1 : python-pip (EulerOS-SA-2023-2969)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination server...
EulerOS 2.0 SP10 : python-pip (EulerOS-SA-2023-2821)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirect...
EulerOS Virtualization 2.10.0 : python-pip (EulerOS-SA-2023-2945)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination server...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-1046)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-1020)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2023:4987-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : python-pip (SUSE-SU-2023:4987-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4987-1 advisory. - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the specified Mercurial revision could b...
SUSE-SU-2023:4988-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter bsc1217353...
SUSE-SU-2023:4987-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter bsc1217353...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2023-3450)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2023-3315)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2023-3347)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Medium: python-pip
Issue Overview: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how...
Amazon Linux 2 : python-pip (ALAS-2023-2349)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2349 advisory. When installing a package from a Mercurial VCS URL ie pip installhg+... with pip prior to v23.3, the specified Mercurial revision couldbe used to inject arbitrary configuration options to the hg clonecall...
CVE-2023-5752
A flaw was found in the Python pip package. The pip could allow a local authenticated attacker to bypass security restrictions due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker can inject arbitrary configuration options to the "h...
Oracle Linux 8 : python-pip (ELSA-2023-7176)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7176 advisory. 9.0.3-23 - Use tarfile.datafilter for extracting CVE-2007-4559, PEP-721, PEP-706 Resolves: RHBZ2218241 Tenable has extracted the preceding description block...