18 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in virtualenv-20.26.3-py3-none-any.whl
Summary: IBM Watson Discovery Cartridge affected by vulnerability in virtualenv-20.26.3-py3-none-any.whl. Vulnerability Details: CVEID: CVE-2026-22702. DESCRIPTION: virtualenv is a tool for creating isolated virtual Python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use)...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.5.1)
The version of AOS installed on the remote host is prior to 7.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.5.1 advisory. - A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library...
Security Bulletin: IBM Edge Data Collector uses virtualenv-20.26.6-py3-none-any.whl which is vulnerable to CVE-2026-22702.
Summary: IBM Edge Data Collector uses virtualenv-20.26.6-py3-none-any.whl which is vulnerable to CVE-2026-22702. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2026-22702. DESCRIPTION: virtualenv is a tool for creating isolated virtual Python...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Time-of-Check to Time-of-Use in virtualenv [CVE-2026-22702]
Summary: IBM Watson Speech Services Cartridge is vulnerable to a Time-of-Check to Time-of-Use in virtualenv, caused by flaws which allow local attackers to perform symlink-based attacks on directory creation operations. CVE-2026-22702. virtualenv is used in our Java microservices. This...
GHSA-597G-3PHW-6986 virtualenv Has TOCTOU Vulnerabilities in Directory Creation
Impact: TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's appdat...
SUSE CVE-2026-22702
virtualenv is a tool for creating isolated virtual Python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...
CVE-2026-22702
virtualenv is a tool for creating isolated virtual Python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...
EUVD-2011-0025
Malware in sbrugna...
Azure Linux 3.0 Security Update: python-virtualenv (CVE-2024-53899)
The version of python-virtualenv installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53899 advisory. - virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual...
USN-7271-2: virtualenv vulnerability
USN-7271-1 fixed a vulnerability in virtualenv. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that virtualenv incorrectly handled paths when activating virtual environments. An attacker could possibly use this issue to execute...
Ubuntu 24.04 LTS : virtualenv vulnerability (USN-7271-2)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7271-2 advisory. USN-7271-1 fixed a vulnerability in virtualenv. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the preceding descripti...
USN-7271-1: virtualenv vulnerability
It was discovered that virtualenv incorrectly handled paths when activating virtual environments. An attacker could possibly use this issue to execute arbitrary code...
Ubuntu 20.04 LTS / 22.04 LTS : virtualenv vulnerability (USN-7271-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7271-1 advisory. It was discovered that virtualenv incorrectly handled paths when activating virtual environments. An attacker could possibly use this issue to execute...
5gasp-cli (>=0.1.0 <=0.4.0), ablator (=0.0.1b3) +232 more potentially affected by CVE-2024-53899 via virtualenv (>=12.1.1 <=20.26.4)
virtualenv PYPI version =12.1.1, =0.1.0, =2.0.1, =0.0.2, =0.2.0, =2024.7.4, =0.8.3b20230820, =0.8.3b20231012, =0.8.3b20231012, =1.0.0b0, =0.0.1, =1.0.10 and more Source cves: CVE-2024-53899 Source advisory: OSV:GHSA-RQC4-2HC7-8C8V...
CVE-2024-53899
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
PYSEC-2024-187
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
5gasp-cli (>=0.1.0 <=0.4.0), ablator (=0.0.1b3) +232 more potentially affected by CVE-2024-53899 via virtualenv (>=12.1.1 <=20.26.4)
virtualenv PYPI version =12.1.1, =0.1.0, =2.0.1, =0.0.2, =0.2.0, =2024.7.4, =0.8.3b20230820, =0.8.3b20231012, =0.8.3b20231012, =1.0.0b0, =0.0.1, =1.0.10 and more Source cves: CVE-2024-53899 Source advisory: OSV:PYSEC-2024-187...
PT-2024-9155 · Unknown +10 · Virtualenv +10
Name of the Vulnerable Software and Affected Versions: virtualenv versions prior to 20.26.6. Description: The issue is related to command injection through the activation scripts for a virtual environment in virtualenv. It is caused by the incorrect quoting of magic template strings when replacing...