Lucene search
+L

25 matches found

nessus
nessus
added 2026/06/27 12:0 a.m.8 views

SUSE SLES12: libpython2_7-1_0 / libpython2_7-1_0-32bit / python / python-32bit / etc (SUSE-SU-2026:2664-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2664-1 advisory. This update for python, python-base, python-doc fixes the following issues Security fixes: - CVE-2026-1703: files may be extracted outside the...

9.1CVSS7.8AI score0.00579EPSS
Exploits2References23
suse
suse
added 2026/06/12 1:57 p.m.30 views

Security update for python

This update for python fixes the following issues CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599. CVE-2026-3219: pip doesn't reject concatenated ZIP bsc1262429. CVE-2026-4786: Incomplete...

9.1CVSS7.1AI score0.00579EPSS
Exploits2References26
osv
osv
added 2026/06/12 1:57 p.m.6 views

SUSE-SU-2026:2387-1 Security update for python

This update for python fixes the following issues - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599. - CVE-2026-3219: pip doesn't reject concatenated ZIP bsc1262429. - CVE-2026-4786: Incomplete...

9.1CVSS7AI score0.00579EPSS
Exploits2References14
nessus
nessus
added 2026/06/10 12:0 a.m.10 views

EulerOS 2.0 SP13 : python-pip (EulerOS-SA-2026-2353)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when...

5.5CVSS5.5AI score0.0039EPSS
Exploits1References3
amazon
amazon
added 2026/04/30 12:0 a.m.13 views

Low: python-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

2CVSS5.2AI score0.0039EPSS
Exploits1
nessus
nessus
added 2026/04/30 12:0 a.m.9 views

Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3256 (ALAS-2026-3256)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3256 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation director...

2CVSS5.4AI score0.0039EPSS
Exploits1References4
amazon
amazon
added 2026/04/30 12:0 a.m.5 views

Low: python-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

2CVSS5.2AI score0.0039EPSS
Exploits1
snyk
snyk
added 2026/04/01 10:17 p.m.3 views

Directory Traversal

Overview poetry is a Python dependency management and packaging made easy. Affected versions of this package are vulnerable to Directory Traversal due to improper validation of wheel destination path that is being constructed directly from untrusted wheel entry path without containment checks. An...

7.1CVSS6.5AI score0.00468EPSS
Exploits1References2
amazon
amazon
added 2026/04/01 12:0 a.m.10 views

Low: python3.12-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

2CVSS5.8AI score0.0039EPSS
Exploits1
amazon
amazon
added 2026/04/01 12:0 a.m.7 views

Low: python3.11-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

2CVSS5.8AI score0.0039EPSS
Exploits1
nessus
nessus
added 2026/04/01 12:0 a.m.5 views

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1531)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1531 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation...

2CVSS5.9AI score0.0039EPSS
Exploits1References4
amazon
amazon
added 2026/03/27 12:0 a.m.10 views

Low: python3.13-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

2CVSS5.8AI score0.0039EPSS
Exploits1
nessus
nessus
added 2026/03/05 12:0 a.m.8 views

TencentOS Server 4: python-pip (TSSA-2026:0096)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0096 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

2CVSS6AI score0.0039EPSS
Exploits1References2
osv
osv
added 2026/02/28 12:44 p.m.12 views

OESA-2026-1448 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 6 Summary: A...

8.9CVSS5.9AI score0.02667EPSS
Exploits1References3
osv
osv
added 2026/02/28 12:44 p.m.8 views

OESA-2026-1447 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 6 Summary: A...

8.9CVSS7.2AI score0.02667EPSS
Exploits1References3
osv
osv
added 2026/02/28 12:44 p.m.20 views

OESA-2026-1446 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 6 Summary: A...

2CVSS5.9AI score0.0039EPSS
Exploits1References2
osv
osv
added 2026/02/28 12:44 p.m.14 views

OESA-2026-1443 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 6 Summary: A...

8.9CVSS7.2AI score0.02667EPSS
Exploits1References3
opensuse
opensuse
added 2026/02/14 12:0 a.m.6 views

Security update for python-pip (low)

openSUSE security update: security update for python-pip ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20202-1 Rating: low References: bsc1257599 Cross-References: CVE-2026-1703 CVSS scores: CVE-2026-1703 SUSE : 3.1...

3.1CVSS5.5AI score0.0039EPSS
Exploits1References1
github
github
added 2026/02/02 3:30 p.m.9 views

pip Path Traversal vulnerability

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

2CVSS5.4AI score0.0039EPSS
Exploits1References5Affected Software1
osv
osv
added 2026/02/02 3:30 p.m.4 views

GHSA-6VGW-5PG2-W6JP pip Path Traversal vulnerability

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

2CVSS5.3AI score0.0039EPSS
Exploits1References5
Rows per page
Query Builder