22 matches found

Tenable Nessus
added 5 days ago | 9 views

Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS : pip vulnerabilities (USN-8344-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8344-1 advisory. It was discovered that pip incorrectly handled TLS certificate verification in session connections. If a session was first used...

8.9 CVSS | 6.8 AI score | 0.00046 EPSS
Exploits 0 | References 4
IBM Security Bulletins
added 2026/03/05 4:55 a.m. | 5 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite - IoT Component uses "lz4-java-1.8.0.jar, werkzeug-3.1.3-py3-none-any.whl, urllib3-2.3.0-py3-none-any.whl, urllib3-2.6.0-py3-none-any.whl, urllib3-2.6.2-py3-none-any.whl, pyasn1-0.6.1.tar.gz, github.com/opencontainers/runc v1.1.13,...

8.9 CVSS | 6.9 AI score | 0.0015 EPSS
Exploits 0 | Affected Software 1
RedHat Linux
added 2026/02/16 4:52 p.m. | 4 views

Important: Red Hat Security Advisory: Satellite 6.18.3 Async Update

A new release is now available for Red Hat Satellite 6.18 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.9 CVSS | 6.7 AI score | 0.00424 EPSS
Exploits 0 | References 15
RedHat Linux
added 2026/02/03 7:18 a.m. | 3 views

Important: Red Hat Security Advisory: resource-agents security update

An update for resource-agents is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

8.9 CVSS | 6.7 AI score | 0.00017 EPSS
Exploits 0 | References 3
RedHat Linux
added 2026/02/02 10:57 a.m. | 4 views

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update...

8.9 CVSS | 6.6 AI score | 0.00019 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2026/02/02 12:0 a.m. | 2 views

RHEL 8 : fence-agents (RHSA-2026:1701)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1701 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable...

8.9 CVSS | 5.5 AI score | 0.00019 EPSS
Exploits 0 | References 4
RedHat Linux
added 2026/01/27 9:32 a.m. | 4 views

Important: Red Hat Security Advisory: python-s3transfer security update

An update for python-s3transfer is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.9 CVSS | 6.6 AI score | 0.00019 EPSS
Exploits 0 | References 2
RedHat Linux
added 2026/01/27 9:10 a.m. | 4 views

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

8.9 CVSS | 6.6 AI score | 0.00019 EPSS
Exploits 0 | References 2
RedHat Linux
added 2026/01/27 8:39 a.m. | 5 views

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

8.9 CVSS | 6.6 AI score | 0.00019 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2026/01/27 12:0 a.m. | 4 views

RHEL 9 : fence-agents (RHSA-2026:1332)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1332 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable...

8.9 CVSS | 5.9 AI score | 0.00019 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2026/01/27 12:0 a.m. | 3 views

RHEL 8 : resource-agents (RHSA-2026:1338)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1338 advisory. The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several service...

8.9 CVSS | 5.9 AI score | 0.00019 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2025/12/11 12:0 a.m. | 2 views

EulerOS 2.0 SP13 : python-pip (EulerOS-SA-2025-2531)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected...

6.1 CVSS | 7 AI score | 0.05933 EPSS
Exploits 2 | References 3
IBM Security Bulletins
added 2025/11/03 10:45 a.m. | 5 views

Security Bulletin: IBM Edge Data Collector uses urllib3-1.26.19-py2.py3-none-any.whl which is vulnerable to CVE-2025-50181, CVE-2025-50182.

Summary IBM Edge Data Collector uses urllib3-1.26.19-py2.py3-none-any.whl which is vulnerable to CVE-2025-50181, CVE-2025-50182. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP...

6.1 CVSS | 7.3 AI score | 0.00079 EPSS
Exploits 1 | Affected Software 1
Tenable Nessus
added 2025/07/10 12:0 a.m. | 11 views

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2025-1058)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1058 advisory. urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disab...

6.1 CVSS | 6.3 AI score | 0.00079 EPSS
Exploits 1 | References 4
Tenable Nessus
added 2025/06/16 12:0 a.m. | 3 views

TencentOS Server 3: python3x-pip (TSSA-2022:0182)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0182 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.5 CVSS | 7.2 AI score | 0.00863 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/05/07 12:0 a.m. | 6 views

RockyLinux 8 : resource-agents (RLSA-2024:2952)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2952 advisory. urllib3: Request body not stripped after redirect from 303 status changes request method to GET CVE-2023-45803 pycryptodome: side-channel leakage for OAE...

5.9 CVSS | 7.1 AI score | 0.00074 EPSS
Exploits 0 | References 7
RedHat Linux
added 2025/01/08 8:28 a.m. | 20 views

Moderate: Red Hat Security Advisory: python3.11-urllib3 security update

An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

4.2 CVSS | 6.7 AI score | 0.00056 EPSS
Exploits 0 | References 2
RedHat Linux
added 2023/11/21 11:39 a.m. | 0 views

python-urllib3: Cookie request header isn't stripped during cross-origin redirects

A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...

8.1 CVSS | 6.8 AI score | 0.0095 EPSS
Exploits 0 | References 4
Microsoft CVE
added 2023/10/23 7:0 a.m. | 1 views

Request body not stripped after redirect in urllib3

...

4.2 CVSS | 6.9 AI score | 0.00056 EPSS
Exploits 0
OSV
added 2022/09/23 11:4 a.m. | 1 views

OESA-2022-1944 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 21.3.1 Release: 1 Summary: A...

7.5 CVSS | 7 AI score | 0.00863 EPSS
Exploits 0 | References 3