Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pip vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2013-1888
pip prior to 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
Pypa Pip
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Fedoraproject Fedora 19
6.8
CVSSv2
CVE-2013-1629
pip prior to 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle malicious users to execute arbitrary code via a crafted response to a "pip install" operation.
Pypa Pip
7.1
CVSSv2
CVE-2013-3581
ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote malicious users to obtain sensitive information via an Ajax (1) wmxState or (2) netState request.
Choice Wireless Wixfmr-111 -
9.3
CVSSv2
CVE-2013-4731
ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote malicious users to execute arbitrary commands via shell metacharacters in the pip parameter in an Ajax tag_ipPing request, a different vulnerability than CVE-2013-3581.
Choice-wireless Wixfmr-111 -
6.8
CVSSv2
CVE-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote malicious users to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Python Python
7 Github repositories
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4