Security update for python-virtualenv

This update for python-virtualenv fixes the following issues: CVE-2026-22702: Fixed local attacker can redirect file operations via TOCTOU race condition bsc1256458. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

SUSE-SU-2026:0233-1 Security update for python-virtualenv

This update for python-virtualenv fixes the following issues: - CVE-2026-22702: Fixed local attacker can redirect file operations via TOCTOU race condition bsc1256458...

AZL-75192 CVE-2026-24049 affecting package python-virtualenv 20.26.6-2

wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...

MiracleLinux 7 : python-virtualenv-15.1.0-4.el7 (AXSA:2020-4513:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4513:01 advisory. python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20060 python-urllib3: CRLF injection...

MiracleLinux 7 : python-virtualenv-15.1.0-7.el7 (AXSA:2022-3284:03)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3284:03 advisory. python-pip: directory traversal in downloadhttpurl function in src/pip/internal/download.py CVE-2019-20916 Tenable has extracted the preceding description...

python311-virtualenv-20.36.1-1.1 on GA media (moderate)

python311-virtualenv-20.36.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10055-1 Rating: moderate Cross-References: CVE-2025-68146 CVE-2026-22702 CVSS scores: CVE-2025-68146 SUSE : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2025-68146 SUSE : 5.7...

OPENSUSE-SU-2026:10055-1 python311-virtualenv-20.36.1-1.1 on GA media

These are all security issues fixed in the python311-virtualenv-20.36.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2025-50181 affecting package python-virtualenv for versions less than 20.26.6-2

CVE-2025-50181 affecting package python-virtualenv for versions less than 20.26.6-2. A patched version of the package is available...

EUVD-2020-3441

Malware in sbrugna...

AZL-77823 CVE-2025-50181 affecting package python-virtualenv 20.36.1-1

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attemptin...

AZL-64218 CVE-2025-50181 affecting package python-virtualenv for versions less than 20.26.6-2

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attemptin...

Fedora: Security Advisory (FEDORA-2024-89014f5794)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Azure Linux 3.0 Security Update: python-virtualenv (CVE-2024-53899)

The version of python-virtualenv installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53899 advisory. - virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual...

CBL Mariner 2.0 Security Update: python-virtualenv (CVE-2024-53899)

The version of python-virtualenv installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53899 advisory. - virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual...

CVE-2024-53899 affecting package python-virtualenv for versions less than 20.26.6-1

CVE-2024-53899 affecting package python-virtualenv for versions less than 20.26.6-1. An upgraded version of the package is available that resolves this issue...

USN-7271-2 python-virtualenv vulnerability

USN-7271-1 fixed a vulnerability in virtualenv. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that virtualenv incorrectly handled paths when activating virtual environments. An attacker could possibly use this issue to execute...

Ubuntu: Security Advisory (USN-7271-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-7271-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-11073

In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious .venv file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0...

Important: python-virtualenv

Issue Overview: virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287. CVE-2024-53899 Affected Packages: python-virtualenv Issue...