Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-4030 (GCVE-0-2024-4030)
Vulnerability from cvelistv5
Published
2024-05-07 21:02
Modified
2024-09-07 02:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions
Summary
On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.
If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.
This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cpython",
"vendor": "python",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "3.13.0a1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-4030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:32:37.215710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:55:02.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/python/cpython/issues/118486"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240705-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.8.20",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.9.20",
"status": "affected",
"version": "3.9.0",
"versionType": "python"
},
{
"lessThan": "3.10.15",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.10",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.4",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.0b1",
"status": "affected",
"version": "3.13.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aobo Wang"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eOn Windows a directory returned by \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003etempfile.mkdtemp()\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIf you\u2019re not using Windows or haven\u2019t changed the temporary directory location then you aren\u2019t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\u003c/span\u003e\u003c/p\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \u201c700\u201d for the \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003emkdir\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e function on Windows which is used by \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003emkdtemp()\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e to ensure the newly created directory has the proper permissions.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you\u2019re not using Windows or haven\u2019t changed the temporary directory location then you aren\u2019t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \u201c700\u201d for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-07T02:44:36.613Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/118486"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240705-0005/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "tempfile.mkdtemp() may be readable and writeable by all users on Windows",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-4030",
"datePublished": "2024-05-07T21:02:55.284Z",
"dateReserved": "2024-04-22T14:49:13.316Z",
"dateUpdated": "2024-09-07T02:44:36.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-4030\",\"sourceIdentifier\":\"cna@python.org\",\"published\":\"2024-05-07T21:15:09.467\",\"lastModified\":\"2024-11-21T09:42:03.650\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\\n\\nIf you\u2019re not using Windows or haven\u2019t changed the temporary directory location then you aren\u2019t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\\n\\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \u201c700\u201d for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.\"},{\"lang\":\"es\",\"value\":\"En Windows, un directorio devuelto por tempfile.mkdtemp() no siempre tendr\u00eda permisos configurados para restringir la lectura y escritura en el directorio temporal por parte de otros usuarios, sino que normalmente heredar\u00eda los permisos correctos de la ubicaci\u00f3n predeterminada. Es posible que las configuraciones alternativas o los usuarios sin un directorio de perfil no tengan los permisos previstos. Si no est\u00e1 utilizando Windows o no ha cambiado la ubicaci\u00f3n del directorio temporal, esta vulnerabilidad no le afecta. En otras plataformas, el directorio devuelto solo el usuario actual puede leerlo y escribirlo constantemente. Este problema se debi\u00f3 a que Python no admite permisos de Unix en Windows. La soluci\u00f3n agrega soporte para Unix \u201c700\u201d para la funci\u00f3n mkdir en Windows que utiliza mkdtemp() para garantizar que el directorio reci\u00e9n creado tenga los permisos adecuados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"cna@python.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"references\":[{\"url\":\"https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/issues/118486\",\"source\":\"cna@python.org\"},{\"url\":\"https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/\",\"source\":\"cna@python.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240705-0005/\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/issues/118486\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240705-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/issues/118486\", \"tags\": [\"issue-tracking\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240705-0005/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:26:57.265Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-4030\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-08T15:32:37.215710Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*\"], \"vendor\": \"python\", \"product\": \"cpython\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\"}, {\"status\": \"affected\", \"version\": \"3.13.0a1\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-08T15:32:32.050Z\"}}], \"cna\": {\"title\": \"tempfile.mkdtemp() may be readable and writeable by all users on Windows\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Aobo Wang\"}], \"impacts\": [{\"capecId\": \"CAPEC-1\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs\"}]}], \"affected\": [{\"repo\": \"https://github.com/python/cpython\", \"vendor\": \"Python Software Foundation\", \"product\": \"CPython\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.8.20\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.9.0\", \"lessThan\": \"3.9.20\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.10.0\", \"lessThan\": \"3.10.15\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.11.0\", \"lessThan\": \"3.11.10\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.12.0\", \"lessThan\": \"3.12.4\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.13.0a1\", \"lessThan\": \"3.13.0b1\", \"versionType\": \"python\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/python/cpython/issues/118486\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46\", \"tags\": [\"patch\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240705-0005/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\\n\\nIf you\\u2019re not using Windows or haven\\u2019t changed the temporary directory location then you aren\\u2019t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\\n\\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \\u201c700\\u201d for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eOn Windows a directory returned by \u003c/span\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003etempfile.mkdtemp()\u003c/span\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003e would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eIf you\\u2019re not using Windows or haven\\u2019t changed the temporary directory location then you aren\\u2019t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\u003c/span\u003e\u003c/p\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \\u201c700\\u201d for the \u003c/span\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003emkdir\u003c/span\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003e function on Windows which is used by \u003c/span\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003emkdtemp()\u003c/span\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003e to ensure the newly created directory has the proper permissions.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-276\", \"description\": \"CWE-276 Incorrect Default Permissions\"}]}], \"providerMetadata\": {\"orgId\": \"28c92f92-d60d-412d-b760-e73465c3df22\", \"shortName\": \"PSF\", \"dateUpdated\": \"2024-09-07T02:44:36.613Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-4030\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-07T02:44:36.613Z\", \"dateReserved\": \"2024-04-22T14:49:13.316Z\", \"assignerOrgId\": \"28c92f92-d60d-412d-b760-e73465c3df22\", \"datePublished\": \"2024-05-07T21:02:55.284Z\", \"assignerShortName\": \"PSF\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
opensuse-su-2024:14109-1
Vulnerability from csaf_opensuse
Published
2024-07-05 00:00
Modified
2024-07-05 00:00
Summary
python313-3.13.0~b3-1.1 on GA media
Notes
Title of the patch
python313-3.13.0~b3-1.1 on GA media
Description of the patch
These are all security issues fixed in the python313-3.13.0~b3-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14109
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python313-3.13.0~b3-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python313-3.13.0~b3-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14109",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14109-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-3389 page",
"url": "https://www.suse.com/security/cve/CVE-2011-3389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-4944 page",
"url": "https://www.suse.com/security/cve/CVE-2011-4944/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-0845 page",
"url": "https://www.suse.com/security/cve/CVE-2012-0845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-1150 page",
"url": "https://www.suse.com/security/cve/CVE-2012-1150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-1752 page",
"url": "https://www.suse.com/security/cve/CVE-2013-1752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-4238 page",
"url": "https://www.suse.com/security/cve/CVE-2013-4238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-2667 page",
"url": "https://www.suse.com/security/cve/CVE-2014-2667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4650 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20907 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5010 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9947 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10735 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15523 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15523/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15801 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8492 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23336 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3177 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3426 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-25236 page",
"url": "https://www.suse.com/security/cve/CVE-2022-25236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42919 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-45061 page",
"url": "https://www.suse.com/security/cve/CVE-2022-45061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0286 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24329 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24329/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2650 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-27043 page",
"url": "https://www.suse.com/security/cve/CVE-2023-27043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-40217 page",
"url": "https://www.suse.com/security/cve/CVE-2023-40217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52425 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4030 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4030/"
}
],
"title": "python313-3.13.0~b3-1.1 on GA media",
"tracking": {
"current_release_date": "2024-07-05T00:00:00Z",
"generator": {
"date": "2024-07-05T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14109-1",
"initial_release_date": "2024-07-05T00:00:00Z",
"revision_history": [
{
"date": "2024-07-05T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-3.13.0~b3-1.1.aarch64",
"product": {
"name": "python313-3.13.0~b3-1.1.aarch64",
"product_id": "python313-3.13.0~b3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-curses-3.13.0~b3-1.1.aarch64",
"product": {
"name": "python313-curses-3.13.0~b3-1.1.aarch64",
"product_id": "python313-curses-3.13.0~b3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-dbm-3.13.0~b3-1.1.aarch64",
"product": {
"name": "python313-dbm-3.13.0~b3-1.1.aarch64",
"product_id": "python313-dbm-3.13.0~b3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-idle-3.13.0~b3-1.1.aarch64",
"product": {
"name": "python313-idle-3.13.0~b3-1.1.aarch64",
"product_id": "python313-idle-3.13.0~b3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-tk-3.13.0~b3-1.1.aarch64",
"product": {
"name": "python313-tk-3.13.0~b3-1.1.aarch64",
"product_id": "python313-tk-3.13.0~b3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"product": {
"name": "python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"product_id": "python313-x86-64-v3-3.13.0~b3-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python313-3.13.0~b3-1.1.ppc64le",
"product": {
"name": "python313-3.13.0~b3-1.1.ppc64le",
"product_id": "python313-3.13.0~b3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-curses-3.13.0~b3-1.1.ppc64le",
"product": {
"name": "python313-curses-3.13.0~b3-1.1.ppc64le",
"product_id": "python313-curses-3.13.0~b3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-dbm-3.13.0~b3-1.1.ppc64le",
"product": {
"name": "python313-dbm-3.13.0~b3-1.1.ppc64le",
"product_id": "python313-dbm-3.13.0~b3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-idle-3.13.0~b3-1.1.ppc64le",
"product": {
"name": "python313-idle-3.13.0~b3-1.1.ppc64le",
"product_id": "python313-idle-3.13.0~b3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-tk-3.13.0~b3-1.1.ppc64le",
"product": {
"name": "python313-tk-3.13.0~b3-1.1.ppc64le",
"product_id": "python313-tk-3.13.0~b3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"product": {
"name": "python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"product_id": "python313-x86-64-v3-3.13.0~b3-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python313-3.13.0~b3-1.1.s390x",
"product": {
"name": "python313-3.13.0~b3-1.1.s390x",
"product_id": "python313-3.13.0~b3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-curses-3.13.0~b3-1.1.s390x",
"product": {
"name": "python313-curses-3.13.0~b3-1.1.s390x",
"product_id": "python313-curses-3.13.0~b3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-dbm-3.13.0~b3-1.1.s390x",
"product": {
"name": "python313-dbm-3.13.0~b3-1.1.s390x",
"product_id": "python313-dbm-3.13.0~b3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-idle-3.13.0~b3-1.1.s390x",
"product": {
"name": "python313-idle-3.13.0~b3-1.1.s390x",
"product_id": "python313-idle-3.13.0~b3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-tk-3.13.0~b3-1.1.s390x",
"product": {
"name": "python313-tk-3.13.0~b3-1.1.s390x",
"product_id": "python313-tk-3.13.0~b3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"product": {
"name": "python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"product_id": "python313-x86-64-v3-3.13.0~b3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python313-3.13.0~b3-1.1.x86_64",
"product": {
"name": "python313-3.13.0~b3-1.1.x86_64",
"product_id": "python313-3.13.0~b3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-curses-3.13.0~b3-1.1.x86_64",
"product": {
"name": "python313-curses-3.13.0~b3-1.1.x86_64",
"product_id": "python313-curses-3.13.0~b3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-dbm-3.13.0~b3-1.1.x86_64",
"product": {
"name": "python313-dbm-3.13.0~b3-1.1.x86_64",
"product_id": "python313-dbm-3.13.0~b3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-idle-3.13.0~b3-1.1.x86_64",
"product": {
"name": "python313-idle-3.13.0~b3-1.1.x86_64",
"product_id": "python313-idle-3.13.0~b3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-tk-3.13.0~b3-1.1.x86_64",
"product": {
"name": "python313-tk-3.13.0~b3-1.1.x86_64",
"product_id": "python313-tk-3.13.0~b3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-x86-64-v3-3.13.0~b3-1.1.x86_64",
"product": {
"name": "python313-x86-64-v3-3.13.0~b3-1.1.x86_64",
"product_id": "python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-3.13.0~b3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64"
},
"product_reference": "python313-3.13.0~b3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-3.13.0~b3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le"
},
"product_reference": "python313-3.13.0~b3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-3.13.0~b3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x"
},
"product_reference": "python313-3.13.0~b3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-3.13.0~b3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64"
},
"product_reference": "python313-3.13.0~b3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-curses-3.13.0~b3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64"
},
"product_reference": "python313-curses-3.13.0~b3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-curses-3.13.0~b3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le"
},
"product_reference": "python313-curses-3.13.0~b3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-curses-3.13.0~b3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x"
},
"product_reference": "python313-curses-3.13.0~b3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-curses-3.13.0~b3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64"
},
"product_reference": "python313-curses-3.13.0~b3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-dbm-3.13.0~b3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64"
},
"product_reference": "python313-dbm-3.13.0~b3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-dbm-3.13.0~b3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le"
},
"product_reference": "python313-dbm-3.13.0~b3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-dbm-3.13.0~b3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x"
},
"product_reference": "python313-dbm-3.13.0~b3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-dbm-3.13.0~b3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64"
},
"product_reference": "python313-dbm-3.13.0~b3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-idle-3.13.0~b3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64"
},
"product_reference": "python313-idle-3.13.0~b3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-idle-3.13.0~b3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le"
},
"product_reference": "python313-idle-3.13.0~b3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-idle-3.13.0~b3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x"
},
"product_reference": "python313-idle-3.13.0~b3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-idle-3.13.0~b3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64"
},
"product_reference": "python313-idle-3.13.0~b3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-tk-3.13.0~b3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64"
},
"product_reference": "python313-tk-3.13.0~b3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-tk-3.13.0~b3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le"
},
"product_reference": "python313-tk-3.13.0~b3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-tk-3.13.0~b3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x"
},
"product_reference": "python313-tk-3.13.0~b3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-tk-3.13.0~b3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64"
},
"product_reference": "python313-tk-3.13.0~b3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-x86-64-v3-3.13.0~b3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64"
},
"product_reference": "python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-x86-64-v3-3.13.0~b3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le"
},
"product_reference": "python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-x86-64-v3-3.13.0~b3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x"
},
"product_reference": "python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-x86-64-v3-3.13.0~b3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
},
"product_reference": "python313-x86-64-v3-3.13.0~b3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-3389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-3389"
}
],
"notes": [
{
"category": "general",
"text": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-3389",
"url": "https://www.suse.com/security/cve/CVE-2011-3389"
},
{
"category": "external",
"summary": "SUSE Bug 716002 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/716002"
},
{
"category": "external",
"summary": "SUSE Bug 719047 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/719047"
},
{
"category": "external",
"summary": "SUSE Bug 725167 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/725167"
},
{
"category": "external",
"summary": "SUSE Bug 726096 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/726096"
},
{
"category": "external",
"summary": "SUSE Bug 739248 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/739248"
},
{
"category": "external",
"summary": "SUSE Bug 739256 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/739256"
},
{
"category": "external",
"summary": "SUSE Bug 742306 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/742306"
},
{
"category": "external",
"summary": "SUSE Bug 751718 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/751718"
},
{
"category": "external",
"summary": "SUSE Bug 759666 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/759666"
},
{
"category": "external",
"summary": "SUSE Bug 763598 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/763598"
},
{
"category": "external",
"summary": "SUSE Bug 814655 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/814655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2011-3389"
},
{
"cve": "CVE-2011-4944",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-4944"
}
],
"notes": [
{
"category": "general",
"text": "Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-4944",
"url": "https://www.suse.com/security/cve/CVE-2011-4944"
},
{
"category": "external",
"summary": "SUSE Bug 754447 for CVE-2011-4944",
"url": "https://bugzilla.suse.com/754447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2011-4944"
},
{
"cve": "CVE-2012-0845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-0845"
}
],
"notes": [
{
"category": "general",
"text": "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-0845",
"url": "https://www.suse.com/security/cve/CVE-2012-0845"
},
{
"category": "external",
"summary": "SUSE Bug 747125 for CVE-2012-0845",
"url": "https://bugzilla.suse.com/747125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-0845"
},
{
"cve": "CVE-2012-1150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-1150"
}
],
"notes": [
{
"category": "general",
"text": "Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-1150",
"url": "https://www.suse.com/security/cve/CVE-2012-1150"
},
{
"category": "external",
"summary": "SUSE Bug 751718 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/751718"
},
{
"category": "external",
"summary": "SUSE Bug 755383 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/755383"
},
{
"category": "external",
"summary": "SUSE Bug 826682 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/826682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-1150"
},
{
"cve": "CVE-2013-1752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-1752"
}
],
"notes": [
{
"category": "general",
"text": "Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 \"Independently Fixable\" in the CVE Counting Decisions",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-1752",
"url": "https://www.suse.com/security/cve/CVE-2013-1752"
},
{
"category": "external",
"summary": "SUSE Bug 856835 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/856835"
},
{
"category": "external",
"summary": "SUSE Bug 856836 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/856836"
},
{
"category": "external",
"summary": "SUSE Bug 863741 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/863741"
},
{
"category": "external",
"summary": "SUSE Bug 885882 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/885882"
},
{
"category": "external",
"summary": "SUSE Bug 898572 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/898572"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-1752"
},
{
"cve": "CVE-2013-4238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-4238"
}
],
"notes": [
{
"category": "general",
"text": "The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-4238",
"url": "https://www.suse.com/security/cve/CVE-2013-4238"
},
{
"category": "external",
"summary": "SUSE Bug 834601 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/834601"
},
{
"category": "external",
"summary": "SUSE Bug 839107 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/839107"
},
{
"category": "external",
"summary": "SUSE Bug 882915 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/882915"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-4238"
},
{
"cve": "CVE-2014-2667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-2667"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-2667",
"url": "https://www.suse.com/security/cve/CVE-2014-2667"
},
{
"category": "external",
"summary": "SUSE Bug 871152 for CVE-2014-2667",
"url": "https://bugzilla.suse.com/871152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-2667"
},
{
"cve": "CVE-2014-4650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4650"
}
],
"notes": [
{
"category": "general",
"text": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4650",
"url": "https://www.suse.com/security/cve/CVE-2014-4650"
},
{
"category": "external",
"summary": "SUSE Bug 856835 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/856835"
},
{
"category": "external",
"summary": "SUSE Bug 856836 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/856836"
},
{
"category": "external",
"summary": "SUSE Bug 863741 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/863741"
},
{
"category": "external",
"summary": "SUSE Bug 885882 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/885882"
},
{
"category": "external",
"summary": "SUSE Bug 898572 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/898572"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-4650"
},
{
"cve": "CVE-2019-20907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20907"
}
],
"notes": [
{
"category": "general",
"text": "In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20907",
"url": "https://www.suse.com/security/cve/CVE-2019-20907"
},
{
"category": "external",
"summary": "SUSE Bug 1174091 for CVE-2019-20907",
"url": "https://bugzilla.suse.com/1174091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-20907"
},
{
"cve": "CVE-2019-5010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5010"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5010",
"url": "https://www.suse.com/security/cve/CVE-2019-5010"
},
{
"category": "external",
"summary": "SUSE Bug 1122191 for CVE-2019-5010",
"url": "https://bugzilla.suse.com/1122191"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2019-5010",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5010"
},
{
"cve": "CVE-2019-9947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9947"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9947",
"url": "https://www.suse.com/security/cve/CVE-2019-9947"
},
{
"category": "external",
"summary": "SUSE Bug 1130840 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1130840"
},
{
"category": "external",
"summary": "SUSE Bug 1136184 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1136184"
},
{
"category": "external",
"summary": "SUSE Bug 1155094 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1155094"
},
{
"category": "external",
"summary": "SUSE Bug 1201559 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1201559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-9947"
},
{
"cve": "CVE-2020-10735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10735"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10735",
"url": "https://www.suse.com/security/cve/CVE-2020-10735"
},
{
"category": "external",
"summary": "SUSE Bug 1203125 for CVE-2020-10735",
"url": "https://bugzilla.suse.com/1203125"
},
{
"category": "external",
"summary": "SUSE Bug 1204077 for CVE-2020-10735",
"url": "https://bugzilla.suse.com/1204077"
},
{
"category": "external",
"summary": "SUSE Bug 1204096 for CVE-2020-10735",
"url": "https://bugzilla.suse.com/1204096"
},
{
"category": "external",
"summary": "SUSE Bug 1204097 for CVE-2020-10735",
"url": "https://bugzilla.suse.com/1204097"
},
{
"category": "external",
"summary": "SUSE Bug 1205075 for CVE-2020-10735",
"url": "https://bugzilla.suse.com/1205075"
},
{
"category": "external",
"summary": "SUSE Bug 1208131 for CVE-2020-10735",
"url": "https://bugzilla.suse.com/1208131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-10735"
},
{
"cve": "CVE-2020-15523",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15523"
}
],
"notes": [
{
"category": "general",
"text": "In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15523",
"url": "https://www.suse.com/security/cve/CVE-2020-15523"
},
{
"category": "external",
"summary": "SUSE Bug 1173745 for CVE-2020-15523",
"url": "https://bugzilla.suse.com/1173745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15523"
},
{
"cve": "CVE-2020-15801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15801"
}
],
"notes": [
{
"category": "general",
"text": "In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The \u003cexecutable-name\u003e._pth file (e.g., the python._pth file) is not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15801",
"url": "https://www.suse.com/security/cve/CVE-2020-15801"
},
{
"category": "external",
"summary": "SUSE Bug 1174241 for CVE-2020-15801",
"url": "https://bugzilla.suse.com/1174241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2020-15801"
},
{
"cve": "CVE-2020-8492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8492"
}
],
"notes": [
{
"category": "general",
"text": "Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8492",
"url": "https://www.suse.com/security/cve/CVE-2020-8492"
},
{
"category": "external",
"summary": "SUSE Bug 1162367 for CVE-2020-8492",
"url": "https://bugzilla.suse.com/1162367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8492"
},
{
"cve": "CVE-2021-23336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23336"
}
],
"notes": [
{
"category": "general",
"text": "The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23336",
"url": "https://www.suse.com/security/cve/CVE-2021-23336"
},
{
"category": "external",
"summary": "SUSE Bug 1182179 for CVE-2021-23336",
"url": "https://bugzilla.suse.com/1182179"
},
{
"category": "external",
"summary": "SUSE Bug 1182379 for CVE-2021-23336",
"url": "https://bugzilla.suse.com/1182379"
},
{
"category": "external",
"summary": "SUSE Bug 1182433 for CVE-2021-23336",
"url": "https://bugzilla.suse.com/1182433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23336"
},
{
"cve": "CVE-2021-3177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3177"
}
],
"notes": [
{
"category": "general",
"text": "Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3177",
"url": "https://www.suse.com/security/cve/CVE-2021-3177"
},
{
"category": "external",
"summary": "SUSE Bug 1181126 for CVE-2021-3177",
"url": "https://bugzilla.suse.com/1181126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3177"
},
{
"cve": "CVE-2021-3426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3426"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a flaw in Python 3\u0027s pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3426",
"url": "https://www.suse.com/security/cve/CVE-2021-3426"
},
{
"category": "external",
"summary": "SUSE Bug 1183374 for CVE-2021-3426",
"url": "https://bugzilla.suse.com/1183374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3426"
},
{
"cve": "CVE-2022-25236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-25236"
}
],
"notes": [
{
"category": "general",
"text": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-25236",
"url": "https://www.suse.com/security/cve/CVE-2022-25236"
},
{
"category": "external",
"summary": "SUSE Bug 1196025 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1196025"
},
{
"category": "external",
"summary": "SUSE Bug 1196784 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1196784"
},
{
"category": "external",
"summary": "SUSE Bug 1197217 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1197217"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1201735 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1201735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-25236"
},
{
"cve": "CVE-2022-42919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42919"
}
],
"notes": [
{
"category": "general",
"text": "Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42919",
"url": "https://www.suse.com/security/cve/CVE-2022-42919"
},
{
"category": "external",
"summary": "SUSE Bug 1204886 for CVE-2022-42919",
"url": "https://bugzilla.suse.com/1204886"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-42919"
},
{
"cve": "CVE-2022-45061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-45061"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-45061",
"url": "https://www.suse.com/security/cve/CVE-2022-45061"
},
{
"category": "external",
"summary": "SUSE Bug 1205244 for CVE-2022-45061",
"url": "https://bugzilla.suse.com/1205244"
},
{
"category": "external",
"summary": "SUSE Bug 1211488 for CVE-2022-45061",
"url": "https://bugzilla.suse.com/1211488"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-45061"
},
{
"cve": "CVE-2023-0286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0286"
}
],
"notes": [
{
"category": "general",
"text": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0286",
"url": "https://www.suse.com/security/cve/CVE-2023-0286"
},
{
"category": "external",
"summary": "SUSE Bug 1207533 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1207533"
},
{
"category": "external",
"summary": "SUSE Bug 1207569 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1207569"
},
{
"category": "external",
"summary": "SUSE Bug 1211136 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1211136"
},
{
"category": "external",
"summary": "SUSE Bug 1211503 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1211503"
},
{
"category": "external",
"summary": "SUSE Bug 1213146 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1213146"
},
{
"category": "external",
"summary": "SUSE Bug 1214269 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1214269"
},
{
"category": "external",
"summary": "SUSE Bug 1218477 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1218477"
},
{
"category": "external",
"summary": "SUSE Bug 1218967 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1218967"
},
{
"category": "external",
"summary": "SUSE Bug 1225677 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1225677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2023-24329",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24329"
}
],
"notes": [
{
"category": "general",
"text": "An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24329",
"url": "https://www.suse.com/security/cve/CVE-2023-24329"
},
{
"category": "external",
"summary": "SUSE Bug 1208471 for CVE-2023-24329",
"url": "https://bugzilla.suse.com/1208471"
},
{
"category": "external",
"summary": "SUSE Bug 1213553 for CVE-2023-24329",
"url": "https://bugzilla.suse.com/1213553"
},
{
"category": "external",
"summary": "SUSE Bug 1213554 for CVE-2023-24329",
"url": "https://bugzilla.suse.com/1213554"
},
{
"category": "external",
"summary": "SUSE Bug 1213839 for CVE-2023-24329",
"url": "https://bugzilla.suse.com/1213839"
},
{
"category": "external",
"summary": "SUSE Bug 1225672 for CVE-2023-24329",
"url": "https://bugzilla.suse.com/1225672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-24329"
},
{
"cve": "CVE-2023-2650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2650"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with \u0027n\u0027 being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer\u0027s certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2650",
"url": "https://www.suse.com/security/cve/CVE-2023-2650"
},
{
"category": "external",
"summary": "SUSE Bug 1211430 for CVE-2023-2650",
"url": "https://bugzilla.suse.com/1211430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-2650"
},
{
"cve": "CVE-2023-27043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-27043"
}
],
"notes": [
{
"category": "general",
"text": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-27043",
"url": "https://www.suse.com/security/cve/CVE-2023-27043"
},
{
"category": "external",
"summary": "SUSE Bug 1210638 for CVE-2023-27043",
"url": "https://bugzilla.suse.com/1210638"
},
{
"category": "external",
"summary": "SUSE Bug 1222537 for CVE-2023-27043",
"url": "https://bugzilla.suse.com/1222537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-27043"
},
{
"cve": "CVE-2023-40217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-40217"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as \"not connected\" and won\u0027t initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-40217",
"url": "https://www.suse.com/security/cve/CVE-2023-40217"
},
{
"category": "external",
"summary": "SUSE Bug 1214692 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1214692"
},
{
"category": "external",
"summary": "SUSE Bug 1217524 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1217524"
},
{
"category": "external",
"summary": "SUSE Bug 1218319 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1218319"
},
{
"category": "external",
"summary": "SUSE Bug 1218476 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1218476"
},
{
"category": "external",
"summary": "SUSE Bug 1218965 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1218965"
},
{
"category": "external",
"summary": "SUSE Bug 1219472 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1219472"
},
{
"category": "external",
"summary": "SUSE Bug 1219713 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1219713"
},
{
"category": "external",
"summary": "SUSE Bug 1221582 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1221582"
},
{
"category": "external",
"summary": "SUSE Bug 1224883 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1224883"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-40217"
},
{
"cve": "CVE-2023-52425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52425"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52425",
"url": "https://www.suse.com/security/cve/CVE-2023-52425"
},
{
"category": "external",
"summary": "SUSE Bug 1219559 for CVE-2023-52425",
"url": "https://bugzilla.suse.com/1219559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2024-4030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4030"
}
],
"notes": [
{
"category": "general",
"text": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you\u0027re not using Windows or haven\u0027t changed the temporary directory location then you aren\u0027t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \"700\" for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4030",
"url": "https://www.suse.com/security/cve/CVE-2024-4030"
},
{
"category": "external",
"summary": "SUSE Bug 1227152 for CVE-2024-4030",
"url": "https://bugzilla.suse.com/1227152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-curses-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-dbm-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-idle-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-tk-3.13.0~b3-1.1.x86_64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.aarch64",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.s390x",
"openSUSE Tumbleweed:python313-x86-64-v3-3.13.0~b3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-4030"
}
]
}
opensuse-su-2024:14295-1
Vulnerability from csaf_opensuse
Published
2024-08-29 00:00
Modified
2024-08-29 00:00
Summary
python312-3.12.5-1.1 on GA media
Notes
Title of the patch
python312-3.12.5-1.1 on GA media
Description of the patch
These are all security issues fixed in the python312-3.12.5-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14295
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python312-3.12.5-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python312-3.12.5-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14295",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14295-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-0397 page",
"url": "https://www.suse.com/security/cve/CVE-2024-0397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4030 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4032 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6923 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6923/"
}
],
"title": "python312-3.12.5-1.1 on GA media",
"tracking": {
"current_release_date": "2024-08-29T00:00:00Z",
"generator": {
"date": "2024-08-29T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14295-1",
"initial_release_date": "2024-08-29T00:00:00Z",
"revision_history": [
{
"date": "2024-08-29T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python312-3.12.5-1.1.aarch64",
"product": {
"name": "python312-3.12.5-1.1.aarch64",
"product_id": "python312-3.12.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-32bit-3.12.5-1.1.aarch64",
"product": {
"name": "python312-32bit-3.12.5-1.1.aarch64",
"product_id": "python312-32bit-3.12.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-curses-3.12.5-1.1.aarch64",
"product": {
"name": "python312-curses-3.12.5-1.1.aarch64",
"product_id": "python312-curses-3.12.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-dbm-3.12.5-1.1.aarch64",
"product": {
"name": "python312-dbm-3.12.5-1.1.aarch64",
"product_id": "python312-dbm-3.12.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-idle-3.12.5-1.1.aarch64",
"product": {
"name": "python312-idle-3.12.5-1.1.aarch64",
"product_id": "python312-idle-3.12.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-tk-3.12.5-1.1.aarch64",
"product": {
"name": "python312-tk-3.12.5-1.1.aarch64",
"product_id": "python312-tk-3.12.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-x86-64-v3-3.12.5-1.1.aarch64",
"product": {
"name": "python312-x86-64-v3-3.12.5-1.1.aarch64",
"product_id": "python312-x86-64-v3-3.12.5-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python312-3.12.5-1.1.ppc64le",
"product": {
"name": "python312-3.12.5-1.1.ppc64le",
"product_id": "python312-3.12.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-32bit-3.12.5-1.1.ppc64le",
"product": {
"name": "python312-32bit-3.12.5-1.1.ppc64le",
"product_id": "python312-32bit-3.12.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-curses-3.12.5-1.1.ppc64le",
"product": {
"name": "python312-curses-3.12.5-1.1.ppc64le",
"product_id": "python312-curses-3.12.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-dbm-3.12.5-1.1.ppc64le",
"product": {
"name": "python312-dbm-3.12.5-1.1.ppc64le",
"product_id": "python312-dbm-3.12.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-idle-3.12.5-1.1.ppc64le",
"product": {
"name": "python312-idle-3.12.5-1.1.ppc64le",
"product_id": "python312-idle-3.12.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-tk-3.12.5-1.1.ppc64le",
"product": {
"name": "python312-tk-3.12.5-1.1.ppc64le",
"product_id": "python312-tk-3.12.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-x86-64-v3-3.12.5-1.1.ppc64le",
"product": {
"name": "python312-x86-64-v3-3.12.5-1.1.ppc64le",
"product_id": "python312-x86-64-v3-3.12.5-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python312-3.12.5-1.1.s390x",
"product": {
"name": "python312-3.12.5-1.1.s390x",
"product_id": "python312-3.12.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-32bit-3.12.5-1.1.s390x",
"product": {
"name": "python312-32bit-3.12.5-1.1.s390x",
"product_id": "python312-32bit-3.12.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-curses-3.12.5-1.1.s390x",
"product": {
"name": "python312-curses-3.12.5-1.1.s390x",
"product_id": "python312-curses-3.12.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-dbm-3.12.5-1.1.s390x",
"product": {
"name": "python312-dbm-3.12.5-1.1.s390x",
"product_id": "python312-dbm-3.12.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-idle-3.12.5-1.1.s390x",
"product": {
"name": "python312-idle-3.12.5-1.1.s390x",
"product_id": "python312-idle-3.12.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-tk-3.12.5-1.1.s390x",
"product": {
"name": "python312-tk-3.12.5-1.1.s390x",
"product_id": "python312-tk-3.12.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-x86-64-v3-3.12.5-1.1.s390x",
"product": {
"name": "python312-x86-64-v3-3.12.5-1.1.s390x",
"product_id": "python312-x86-64-v3-3.12.5-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python312-3.12.5-1.1.x86_64",
"product": {
"name": "python312-3.12.5-1.1.x86_64",
"product_id": "python312-3.12.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-32bit-3.12.5-1.1.x86_64",
"product": {
"name": "python312-32bit-3.12.5-1.1.x86_64",
"product_id": "python312-32bit-3.12.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-curses-3.12.5-1.1.x86_64",
"product": {
"name": "python312-curses-3.12.5-1.1.x86_64",
"product_id": "python312-curses-3.12.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-dbm-3.12.5-1.1.x86_64",
"product": {
"name": "python312-dbm-3.12.5-1.1.x86_64",
"product_id": "python312-dbm-3.12.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-idle-3.12.5-1.1.x86_64",
"product": {
"name": "python312-idle-3.12.5-1.1.x86_64",
"product_id": "python312-idle-3.12.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-tk-3.12.5-1.1.x86_64",
"product": {
"name": "python312-tk-3.12.5-1.1.x86_64",
"product_id": "python312-tk-3.12.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-x86-64-v3-3.12.5-1.1.x86_64",
"product": {
"name": "python312-x86-64-v3-3.12.5-1.1.x86_64",
"product_id": "python312-x86-64-v3-3.12.5-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-3.12.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-3.12.5-1.1.aarch64"
},
"product_reference": "python312-3.12.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-3.12.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-3.12.5-1.1.ppc64le"
},
"product_reference": "python312-3.12.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-3.12.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-3.12.5-1.1.s390x"
},
"product_reference": "python312-3.12.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-3.12.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-3.12.5-1.1.x86_64"
},
"product_reference": "python312-3.12.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-32bit-3.12.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.aarch64"
},
"product_reference": "python312-32bit-3.12.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-32bit-3.12.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.ppc64le"
},
"product_reference": "python312-32bit-3.12.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-32bit-3.12.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.s390x"
},
"product_reference": "python312-32bit-3.12.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-32bit-3.12.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.x86_64"
},
"product_reference": "python312-32bit-3.12.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-curses-3.12.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-curses-3.12.5-1.1.aarch64"
},
"product_reference": "python312-curses-3.12.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-curses-3.12.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-curses-3.12.5-1.1.ppc64le"
},
"product_reference": "python312-curses-3.12.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-curses-3.12.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-curses-3.12.5-1.1.s390x"
},
"product_reference": "python312-curses-3.12.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-curses-3.12.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-curses-3.12.5-1.1.x86_64"
},
"product_reference": "python312-curses-3.12.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-dbm-3.12.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.aarch64"
},
"product_reference": "python312-dbm-3.12.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-dbm-3.12.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.ppc64le"
},
"product_reference": "python312-dbm-3.12.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-dbm-3.12.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.s390x"
},
"product_reference": "python312-dbm-3.12.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-dbm-3.12.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.x86_64"
},
"product_reference": "python312-dbm-3.12.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-idle-3.12.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-idle-3.12.5-1.1.aarch64"
},
"product_reference": "python312-idle-3.12.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-idle-3.12.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-idle-3.12.5-1.1.ppc64le"
},
"product_reference": "python312-idle-3.12.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-idle-3.12.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-idle-3.12.5-1.1.s390x"
},
"product_reference": "python312-idle-3.12.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-idle-3.12.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-idle-3.12.5-1.1.x86_64"
},
"product_reference": "python312-idle-3.12.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tk-3.12.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-tk-3.12.5-1.1.aarch64"
},
"product_reference": "python312-tk-3.12.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tk-3.12.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-tk-3.12.5-1.1.ppc64le"
},
"product_reference": "python312-tk-3.12.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tk-3.12.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-tk-3.12.5-1.1.s390x"
},
"product_reference": "python312-tk-3.12.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tk-3.12.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-tk-3.12.5-1.1.x86_64"
},
"product_reference": "python312-tk-3.12.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-x86-64-v3-3.12.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.aarch64"
},
"product_reference": "python312-x86-64-v3-3.12.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-x86-64-v3-3.12.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.ppc64le"
},
"product_reference": "python312-x86-64-v3-3.12.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-x86-64-v3-3.12.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.s390x"
},
"product_reference": "python312-x86-64-v3-3.12.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-x86-64-v3-3.12.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.x86_64"
},
"product_reference": "python312-x86-64-v3-3.12.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-0397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-0397"
}
],
"notes": [
{
"category": "general",
"text": "A defect was discovered in the Python \"ssl\" module where there is a memory\nrace condition with the ssl.SSLContext methods \"cert_store_stats()\" and\n\"get_ca_certs()\". The race condition can be triggered if the methods are\ncalled at the same time as certificates are loaded into the SSLContext,\nsuch as during the TLS handshake with a certificate directory configured.\nThis issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python312-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-0397",
"url": "https://www.suse.com/security/cve/CVE-2024-0397"
},
{
"category": "external",
"summary": "SUSE Bug 1226447 for CVE-2024-0397",
"url": "https://bugzilla.suse.com/1226447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python312-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python312-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-29T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-0397"
},
{
"cve": "CVE-2024-4030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4030"
}
],
"notes": [
{
"category": "general",
"text": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you\u0027re not using Windows or haven\u0027t changed the temporary directory location then you aren\u0027t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \"700\" for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python312-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4030",
"url": "https://www.suse.com/security/cve/CVE-2024-4030"
},
{
"category": "external",
"summary": "SUSE Bug 1227152 for CVE-2024-4030",
"url": "https://bugzilla.suse.com/1227152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python312-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python312-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-29T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-4030"
},
{
"cve": "CVE-2024-4032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4032"
}
],
"notes": [
{
"category": "general",
"text": "The \"ipaddress\" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \"globally reachable\" or \"private\". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u0027t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python312-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4032",
"url": "https://www.suse.com/security/cve/CVE-2024-4032"
},
{
"category": "external",
"summary": "SUSE Bug 1226448 for CVE-2024-4032",
"url": "https://bugzilla.suse.com/1226448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python312-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python312-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-29T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2024-4032"
},
{
"cve": "CVE-2024-6923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6923"
}
],
"notes": [
{
"category": "general",
"text": "There is a MEDIUM severity vulnerability affecting CPython.\n\nThe \nemail module didn\u0027t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python312-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6923",
"url": "https://www.suse.com/security/cve/CVE-2024-6923"
},
{
"category": "external",
"summary": "SUSE Bug 1228780 for CVE-2024-6923",
"url": "https://bugzilla.suse.com/1228780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python312-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python312-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-32bit-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-curses-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-dbm-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-idle-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-tk-3.12.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.s390x",
"openSUSE Tumbleweed:python312-x86-64-v3-3.12.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-6923"
}
]
}
opensuse-su-2024:14340-1
Vulnerability from csaf_opensuse
Published
2024-09-17 00:00
Modified
2024-09-17 00:00
Summary
python38-3.8.20-1.1 on GA media
Notes
Title of the patch
python38-3.8.20-1.1 on GA media
Description of the patch
These are all security issues fixed in the python38-3.8.20-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14340
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python38-3.8.20-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python38-3.8.20-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14340",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14340-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:14340-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EB3HULWLZQ24PRVM3P2LCSJ3IJUISSTW/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:14340-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EB3HULWLZQ24PRVM3P2LCSJ3IJUISSTW/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4030 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6232 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6232/"
}
],
"title": "python38-3.8.20-1.1 on GA media",
"tracking": {
"current_release_date": "2024-09-17T00:00:00Z",
"generator": {
"date": "2024-09-17T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14340-1",
"initial_release_date": "2024-09-17T00:00:00Z",
"revision_history": [
{
"date": "2024-09-17T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python38-3.8.20-1.1.aarch64",
"product": {
"name": "python38-3.8.20-1.1.aarch64",
"product_id": "python38-3.8.20-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python38-curses-3.8.20-1.1.aarch64",
"product": {
"name": "python38-curses-3.8.20-1.1.aarch64",
"product_id": "python38-curses-3.8.20-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python38-dbm-3.8.20-1.1.aarch64",
"product": {
"name": "python38-dbm-3.8.20-1.1.aarch64",
"product_id": "python38-dbm-3.8.20-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python38-idle-3.8.20-1.1.aarch64",
"product": {
"name": "python38-idle-3.8.20-1.1.aarch64",
"product_id": "python38-idle-3.8.20-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python38-tk-3.8.20-1.1.aarch64",
"product": {
"name": "python38-tk-3.8.20-1.1.aarch64",
"product_id": "python38-tk-3.8.20-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python38-3.8.20-1.1.ppc64le",
"product": {
"name": "python38-3.8.20-1.1.ppc64le",
"product_id": "python38-3.8.20-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-curses-3.8.20-1.1.ppc64le",
"product": {
"name": "python38-curses-3.8.20-1.1.ppc64le",
"product_id": "python38-curses-3.8.20-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-dbm-3.8.20-1.1.ppc64le",
"product": {
"name": "python38-dbm-3.8.20-1.1.ppc64le",
"product_id": "python38-dbm-3.8.20-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-idle-3.8.20-1.1.ppc64le",
"product": {
"name": "python38-idle-3.8.20-1.1.ppc64le",
"product_id": "python38-idle-3.8.20-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-tk-3.8.20-1.1.ppc64le",
"product": {
"name": "python38-tk-3.8.20-1.1.ppc64le",
"product_id": "python38-tk-3.8.20-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python38-3.8.20-1.1.s390x",
"product": {
"name": "python38-3.8.20-1.1.s390x",
"product_id": "python38-3.8.20-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python38-curses-3.8.20-1.1.s390x",
"product": {
"name": "python38-curses-3.8.20-1.1.s390x",
"product_id": "python38-curses-3.8.20-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python38-dbm-3.8.20-1.1.s390x",
"product": {
"name": "python38-dbm-3.8.20-1.1.s390x",
"product_id": "python38-dbm-3.8.20-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python38-idle-3.8.20-1.1.s390x",
"product": {
"name": "python38-idle-3.8.20-1.1.s390x",
"product_id": "python38-idle-3.8.20-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python38-tk-3.8.20-1.1.s390x",
"product": {
"name": "python38-tk-3.8.20-1.1.s390x",
"product_id": "python38-tk-3.8.20-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python38-3.8.20-1.1.x86_64",
"product": {
"name": "python38-3.8.20-1.1.x86_64",
"product_id": "python38-3.8.20-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python38-curses-3.8.20-1.1.x86_64",
"product": {
"name": "python38-curses-3.8.20-1.1.x86_64",
"product_id": "python38-curses-3.8.20-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python38-dbm-3.8.20-1.1.x86_64",
"product": {
"name": "python38-dbm-3.8.20-1.1.x86_64",
"product_id": "python38-dbm-3.8.20-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python38-idle-3.8.20-1.1.x86_64",
"product": {
"name": "python38-idle-3.8.20-1.1.x86_64",
"product_id": "python38-idle-3.8.20-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python38-tk-3.8.20-1.1.x86_64",
"product": {
"name": "python38-tk-3.8.20-1.1.x86_64",
"product_id": "python38-tk-3.8.20-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-3.8.20-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-3.8.20-1.1.aarch64"
},
"product_reference": "python38-3.8.20-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-3.8.20-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-3.8.20-1.1.ppc64le"
},
"product_reference": "python38-3.8.20-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-3.8.20-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-3.8.20-1.1.s390x"
},
"product_reference": "python38-3.8.20-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-3.8.20-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-3.8.20-1.1.x86_64"
},
"product_reference": "python38-3.8.20-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-curses-3.8.20-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-curses-3.8.20-1.1.aarch64"
},
"product_reference": "python38-curses-3.8.20-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-curses-3.8.20-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-curses-3.8.20-1.1.ppc64le"
},
"product_reference": "python38-curses-3.8.20-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-curses-3.8.20-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-curses-3.8.20-1.1.s390x"
},
"product_reference": "python38-curses-3.8.20-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-curses-3.8.20-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-curses-3.8.20-1.1.x86_64"
},
"product_reference": "python38-curses-3.8.20-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-dbm-3.8.20-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.aarch64"
},
"product_reference": "python38-dbm-3.8.20-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-dbm-3.8.20-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.ppc64le"
},
"product_reference": "python38-dbm-3.8.20-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-dbm-3.8.20-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.s390x"
},
"product_reference": "python38-dbm-3.8.20-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-dbm-3.8.20-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.x86_64"
},
"product_reference": "python38-dbm-3.8.20-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-idle-3.8.20-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-idle-3.8.20-1.1.aarch64"
},
"product_reference": "python38-idle-3.8.20-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-idle-3.8.20-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-idle-3.8.20-1.1.ppc64le"
},
"product_reference": "python38-idle-3.8.20-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-idle-3.8.20-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-idle-3.8.20-1.1.s390x"
},
"product_reference": "python38-idle-3.8.20-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-idle-3.8.20-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-idle-3.8.20-1.1.x86_64"
},
"product_reference": "python38-idle-3.8.20-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-tk-3.8.20-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-tk-3.8.20-1.1.aarch64"
},
"product_reference": "python38-tk-3.8.20-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-tk-3.8.20-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-tk-3.8.20-1.1.ppc64le"
},
"product_reference": "python38-tk-3.8.20-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-tk-3.8.20-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-tk-3.8.20-1.1.s390x"
},
"product_reference": "python38-tk-3.8.20-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-tk-3.8.20-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-tk-3.8.20-1.1.x86_64"
},
"product_reference": "python38-tk-3.8.20-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-4030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4030"
}
],
"notes": [
{
"category": "general",
"text": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you\u0027re not using Windows or haven\u0027t changed the temporary directory location then you aren\u0027t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \"700\" for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python38-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4030",
"url": "https://www.suse.com/security/cve/CVE-2024-4030"
},
{
"category": "external",
"summary": "SUSE Bug 1227152 for CVE-2024-4030",
"url": "https://bugzilla.suse.com/1227152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python38-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python38-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-4030"
},
{
"cve": "CVE-2024-6232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6232"
}
],
"notes": [
{
"category": "general",
"text": "There is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python38-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6232",
"url": "https://www.suse.com/security/cve/CVE-2024-6232"
},
{
"category": "external",
"summary": "SUSE Bug 1230227 for CVE-2024-6232",
"url": "https://bugzilla.suse.com/1230227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python38-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python38-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-curses-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-dbm-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-idle-3.8.20-1.1.x86_64",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.aarch64",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.ppc64le",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.s390x",
"openSUSE Tumbleweed:python38-tk-3.8.20-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-6232"
}
]
}
opensuse-su-2024:14345-1
Vulnerability from csaf_opensuse
Published
2024-09-18 00:00
Modified
2024-09-18 00:00
Summary
python310-3.10.15-1.1 on GA media
Notes
Title of the patch
python310-3.10.15-1.1 on GA media
Description of the patch
These are all security issues fixed in the python310-3.10.15-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14345
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python310-3.10.15-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python310-3.10.15-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14345",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14345-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:14345-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XGNLIXONZEJPUCB2A4GVFSDMNJ37VXYU/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:14345-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XGNLIXONZEJPUCB2A4GVFSDMNJ37VXYU/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4030 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6232 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-7592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-7592/"
}
],
"title": "python310-3.10.15-1.1 on GA media",
"tracking": {
"current_release_date": "2024-09-18T00:00:00Z",
"generator": {
"date": "2024-09-18T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14345-1",
"initial_release_date": "2024-09-18T00:00:00Z",
"revision_history": [
{
"date": "2024-09-18T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python310-3.10.15-1.1.aarch64",
"product": {
"name": "python310-3.10.15-1.1.aarch64",
"product_id": "python310-3.10.15-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-32bit-3.10.15-1.1.aarch64",
"product": {
"name": "python310-32bit-3.10.15-1.1.aarch64",
"product_id": "python310-32bit-3.10.15-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-curses-3.10.15-1.1.aarch64",
"product": {
"name": "python310-curses-3.10.15-1.1.aarch64",
"product_id": "python310-curses-3.10.15-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-dbm-3.10.15-1.1.aarch64",
"product": {
"name": "python310-dbm-3.10.15-1.1.aarch64",
"product_id": "python310-dbm-3.10.15-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-idle-3.10.15-1.1.aarch64",
"product": {
"name": "python310-idle-3.10.15-1.1.aarch64",
"product_id": "python310-idle-3.10.15-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-tk-3.10.15-1.1.aarch64",
"product": {
"name": "python310-tk-3.10.15-1.1.aarch64",
"product_id": "python310-tk-3.10.15-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-3.10.15-1.1.ppc64le",
"product": {
"name": "python310-3.10.15-1.1.ppc64le",
"product_id": "python310-3.10.15-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-32bit-3.10.15-1.1.ppc64le",
"product": {
"name": "python310-32bit-3.10.15-1.1.ppc64le",
"product_id": "python310-32bit-3.10.15-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-curses-3.10.15-1.1.ppc64le",
"product": {
"name": "python310-curses-3.10.15-1.1.ppc64le",
"product_id": "python310-curses-3.10.15-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-dbm-3.10.15-1.1.ppc64le",
"product": {
"name": "python310-dbm-3.10.15-1.1.ppc64le",
"product_id": "python310-dbm-3.10.15-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-idle-3.10.15-1.1.ppc64le",
"product": {
"name": "python310-idle-3.10.15-1.1.ppc64le",
"product_id": "python310-idle-3.10.15-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-tk-3.10.15-1.1.ppc64le",
"product": {
"name": "python310-tk-3.10.15-1.1.ppc64le",
"product_id": "python310-tk-3.10.15-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-3.10.15-1.1.s390x",
"product": {
"name": "python310-3.10.15-1.1.s390x",
"product_id": "python310-3.10.15-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-32bit-3.10.15-1.1.s390x",
"product": {
"name": "python310-32bit-3.10.15-1.1.s390x",
"product_id": "python310-32bit-3.10.15-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-curses-3.10.15-1.1.s390x",
"product": {
"name": "python310-curses-3.10.15-1.1.s390x",
"product_id": "python310-curses-3.10.15-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-dbm-3.10.15-1.1.s390x",
"product": {
"name": "python310-dbm-3.10.15-1.1.s390x",
"product_id": "python310-dbm-3.10.15-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-idle-3.10.15-1.1.s390x",
"product": {
"name": "python310-idle-3.10.15-1.1.s390x",
"product_id": "python310-idle-3.10.15-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-tk-3.10.15-1.1.s390x",
"product": {
"name": "python310-tk-3.10.15-1.1.s390x",
"product_id": "python310-tk-3.10.15-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-3.10.15-1.1.x86_64",
"product": {
"name": "python310-3.10.15-1.1.x86_64",
"product_id": "python310-3.10.15-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-32bit-3.10.15-1.1.x86_64",
"product": {
"name": "python310-32bit-3.10.15-1.1.x86_64",
"product_id": "python310-32bit-3.10.15-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-curses-3.10.15-1.1.x86_64",
"product": {
"name": "python310-curses-3.10.15-1.1.x86_64",
"product_id": "python310-curses-3.10.15-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-dbm-3.10.15-1.1.x86_64",
"product": {
"name": "python310-dbm-3.10.15-1.1.x86_64",
"product_id": "python310-dbm-3.10.15-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-idle-3.10.15-1.1.x86_64",
"product": {
"name": "python310-idle-3.10.15-1.1.x86_64",
"product_id": "python310-idle-3.10.15-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-tk-3.10.15-1.1.x86_64",
"product": {
"name": "python310-tk-3.10.15-1.1.x86_64",
"product_id": "python310-tk-3.10.15-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-3.10.15-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-3.10.15-1.1.aarch64"
},
"product_reference": "python310-3.10.15-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-3.10.15-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-3.10.15-1.1.ppc64le"
},
"product_reference": "python310-3.10.15-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-3.10.15-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-3.10.15-1.1.s390x"
},
"product_reference": "python310-3.10.15-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-3.10.15-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-3.10.15-1.1.x86_64"
},
"product_reference": "python310-3.10.15-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-32bit-3.10.15-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.aarch64"
},
"product_reference": "python310-32bit-3.10.15-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-32bit-3.10.15-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.ppc64le"
},
"product_reference": "python310-32bit-3.10.15-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-32bit-3.10.15-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.s390x"
},
"product_reference": "python310-32bit-3.10.15-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-32bit-3.10.15-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.x86_64"
},
"product_reference": "python310-32bit-3.10.15-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-curses-3.10.15-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-curses-3.10.15-1.1.aarch64"
},
"product_reference": "python310-curses-3.10.15-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-curses-3.10.15-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-curses-3.10.15-1.1.ppc64le"
},
"product_reference": "python310-curses-3.10.15-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-curses-3.10.15-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-curses-3.10.15-1.1.s390x"
},
"product_reference": "python310-curses-3.10.15-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-curses-3.10.15-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-curses-3.10.15-1.1.x86_64"
},
"product_reference": "python310-curses-3.10.15-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-dbm-3.10.15-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.aarch64"
},
"product_reference": "python310-dbm-3.10.15-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-dbm-3.10.15-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.ppc64le"
},
"product_reference": "python310-dbm-3.10.15-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-dbm-3.10.15-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.s390x"
},
"product_reference": "python310-dbm-3.10.15-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-dbm-3.10.15-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.x86_64"
},
"product_reference": "python310-dbm-3.10.15-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-idle-3.10.15-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-idle-3.10.15-1.1.aarch64"
},
"product_reference": "python310-idle-3.10.15-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-idle-3.10.15-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-idle-3.10.15-1.1.ppc64le"
},
"product_reference": "python310-idle-3.10.15-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-idle-3.10.15-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-idle-3.10.15-1.1.s390x"
},
"product_reference": "python310-idle-3.10.15-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-idle-3.10.15-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-idle-3.10.15-1.1.x86_64"
},
"product_reference": "python310-idle-3.10.15-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-tk-3.10.15-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-tk-3.10.15-1.1.aarch64"
},
"product_reference": "python310-tk-3.10.15-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-tk-3.10.15-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-tk-3.10.15-1.1.ppc64le"
},
"product_reference": "python310-tk-3.10.15-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-tk-3.10.15-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-tk-3.10.15-1.1.s390x"
},
"product_reference": "python310-tk-3.10.15-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-tk-3.10.15-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-tk-3.10.15-1.1.x86_64"
},
"product_reference": "python310-tk-3.10.15-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-4030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4030"
}
],
"notes": [
{
"category": "general",
"text": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you\u0027re not using Windows or haven\u0027t changed the temporary directory location then you aren\u0027t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \"700\" for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4030",
"url": "https://www.suse.com/security/cve/CVE-2024-4030"
},
{
"category": "external",
"summary": "SUSE Bug 1227152 for CVE-2024-4030",
"url": "https://bugzilla.suse.com/1227152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-4030"
},
{
"cve": "CVE-2024-6232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6232"
}
],
"notes": [
{
"category": "general",
"text": "There is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6232",
"url": "https://www.suse.com/security/cve/CVE-2024-6232"
},
{
"category": "external",
"summary": "SUSE Bug 1230227 for CVE-2024-6232",
"url": "https://bugzilla.suse.com/1230227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-6232"
},
{
"cve": "CVE-2024-7592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-7592"
}
],
"notes": [
{
"category": "general",
"text": "There is a LOW severity vulnerability affecting CPython, specifically the\n\u0027http.cookies\u0027 standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-7592",
"url": "https://www.suse.com/security/cve/CVE-2024-7592"
},
{
"category": "external",
"summary": "SUSE Bug 1229596 for CVE-2024-7592",
"url": "https://bugzilla.suse.com/1229596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-32bit-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-curses-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-dbm-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-idle-3.10.15-1.1.x86_64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.aarch64",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.ppc64le",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.s390x",
"openSUSE Tumbleweed:python310-tk-3.10.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-7592"
}
]
}
opensuse-su-2024:14434-1
Vulnerability from csaf_opensuse
Published
2024-10-28 00:00
Modified
2024-10-28 00:00
Summary
python314-3.14.0~a1-1.1 on GA media
Notes
Title of the patch
python314-3.14.0~a1-1.1 on GA media
Description of the patch
These are all security issues fixed in the python314-3.14.0~a1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14434
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python314-3.14.0~a1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python314-3.14.0~a1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14434",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14434-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-3389 page",
"url": "https://www.suse.com/security/cve/CVE-2011-3389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-4944 page",
"url": "https://www.suse.com/security/cve/CVE-2011-4944/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-0845 page",
"url": "https://www.suse.com/security/cve/CVE-2012-0845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-1150 page",
"url": "https://www.suse.com/security/cve/CVE-2012-1150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-1752 page",
"url": "https://www.suse.com/security/cve/CVE-2013-1752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-4238 page",
"url": "https://www.suse.com/security/cve/CVE-2013-4238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-2667 page",
"url": "https://www.suse.com/security/cve/CVE-2014-2667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4650 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20907 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5010 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9947 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10735 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15523 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15523/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15801 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8492 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23336 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3177 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3426 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-25236 page",
"url": "https://www.suse.com/security/cve/CVE-2022-25236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42919 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-45061 page",
"url": "https://www.suse.com/security/cve/CVE-2022-45061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0286 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24329 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24329/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2650 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-27043 page",
"url": "https://www.suse.com/security/cve/CVE-2023-27043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-40217 page",
"url": "https://www.suse.com/security/cve/CVE-2023-40217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52425 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4030 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4032 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6232 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6923 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-7592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-7592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-8088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-8088/"
}
],
"title": "python314-3.14.0~a1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-10-28T00:00:00Z",
"generator": {
"date": "2024-10-28T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14434-1",
"initial_release_date": "2024-10-28T00:00:00Z",
"revision_history": [
{
"date": "2024-10-28T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python314-3.14.0~a1-1.1.aarch64",
"product": {
"name": "python314-3.14.0~a1-1.1.aarch64",
"product_id": "python314-3.14.0~a1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-curses-3.14.0~a1-1.1.aarch64",
"product": {
"name": "python314-curses-3.14.0~a1-1.1.aarch64",
"product_id": "python314-curses-3.14.0~a1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-dbm-3.14.0~a1-1.1.aarch64",
"product": {
"name": "python314-dbm-3.14.0~a1-1.1.aarch64",
"product_id": "python314-dbm-3.14.0~a1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-idle-3.14.0~a1-1.1.aarch64",
"product": {
"name": "python314-idle-3.14.0~a1-1.1.aarch64",
"product_id": "python314-idle-3.14.0~a1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-tk-3.14.0~a1-1.1.aarch64",
"product": {
"name": "python314-tk-3.14.0~a1-1.1.aarch64",
"product_id": "python314-tk-3.14.0~a1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"product": {
"name": "python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"product_id": "python314-x86-64-v3-3.14.0~a1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python314-3.14.0~a1-1.1.ppc64le",
"product": {
"name": "python314-3.14.0~a1-1.1.ppc64le",
"product_id": "python314-3.14.0~a1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-curses-3.14.0~a1-1.1.ppc64le",
"product": {
"name": "python314-curses-3.14.0~a1-1.1.ppc64le",
"product_id": "python314-curses-3.14.0~a1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-dbm-3.14.0~a1-1.1.ppc64le",
"product": {
"name": "python314-dbm-3.14.0~a1-1.1.ppc64le",
"product_id": "python314-dbm-3.14.0~a1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-idle-3.14.0~a1-1.1.ppc64le",
"product": {
"name": "python314-idle-3.14.0~a1-1.1.ppc64le",
"product_id": "python314-idle-3.14.0~a1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-tk-3.14.0~a1-1.1.ppc64le",
"product": {
"name": "python314-tk-3.14.0~a1-1.1.ppc64le",
"product_id": "python314-tk-3.14.0~a1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"product": {
"name": "python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"product_id": "python314-x86-64-v3-3.14.0~a1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python314-3.14.0~a1-1.1.s390x",
"product": {
"name": "python314-3.14.0~a1-1.1.s390x",
"product_id": "python314-3.14.0~a1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-curses-3.14.0~a1-1.1.s390x",
"product": {
"name": "python314-curses-3.14.0~a1-1.1.s390x",
"product_id": "python314-curses-3.14.0~a1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-dbm-3.14.0~a1-1.1.s390x",
"product": {
"name": "python314-dbm-3.14.0~a1-1.1.s390x",
"product_id": "python314-dbm-3.14.0~a1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-idle-3.14.0~a1-1.1.s390x",
"product": {
"name": "python314-idle-3.14.0~a1-1.1.s390x",
"product_id": "python314-idle-3.14.0~a1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-tk-3.14.0~a1-1.1.s390x",
"product": {
"name": "python314-tk-3.14.0~a1-1.1.s390x",
"product_id": "python314-tk-3.14.0~a1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"product": {
"name": "python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"product_id": "python314-x86-64-v3-3.14.0~a1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python314-3.14.0~a1-1.1.x86_64",
"product": {
"name": "python314-3.14.0~a1-1.1.x86_64",
"product_id": "python314-3.14.0~a1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-curses-3.14.0~a1-1.1.x86_64",
"product": {
"name": "python314-curses-3.14.0~a1-1.1.x86_64",
"product_id": "python314-curses-3.14.0~a1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-dbm-3.14.0~a1-1.1.x86_64",
"product": {
"name": "python314-dbm-3.14.0~a1-1.1.x86_64",
"product_id": "python314-dbm-3.14.0~a1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-idle-3.14.0~a1-1.1.x86_64",
"product": {
"name": "python314-idle-3.14.0~a1-1.1.x86_64",
"product_id": "python314-idle-3.14.0~a1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-tk-3.14.0~a1-1.1.x86_64",
"product": {
"name": "python314-tk-3.14.0~a1-1.1.x86_64",
"product_id": "python314-tk-3.14.0~a1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-x86-64-v3-3.14.0~a1-1.1.x86_64",
"product": {
"name": "python314-x86-64-v3-3.14.0~a1-1.1.x86_64",
"product_id": "python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-3.14.0~a1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64"
},
"product_reference": "python314-3.14.0~a1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-3.14.0~a1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le"
},
"product_reference": "python314-3.14.0~a1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-3.14.0~a1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x"
},
"product_reference": "python314-3.14.0~a1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-3.14.0~a1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64"
},
"product_reference": "python314-3.14.0~a1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-curses-3.14.0~a1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64"
},
"product_reference": "python314-curses-3.14.0~a1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-curses-3.14.0~a1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le"
},
"product_reference": "python314-curses-3.14.0~a1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-curses-3.14.0~a1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x"
},
"product_reference": "python314-curses-3.14.0~a1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-curses-3.14.0~a1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64"
},
"product_reference": "python314-curses-3.14.0~a1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-dbm-3.14.0~a1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64"
},
"product_reference": "python314-dbm-3.14.0~a1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-dbm-3.14.0~a1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le"
},
"product_reference": "python314-dbm-3.14.0~a1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-dbm-3.14.0~a1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x"
},
"product_reference": "python314-dbm-3.14.0~a1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-dbm-3.14.0~a1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64"
},
"product_reference": "python314-dbm-3.14.0~a1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-idle-3.14.0~a1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64"
},
"product_reference": "python314-idle-3.14.0~a1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-idle-3.14.0~a1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le"
},
"product_reference": "python314-idle-3.14.0~a1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-idle-3.14.0~a1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x"
},
"product_reference": "python314-idle-3.14.0~a1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-idle-3.14.0~a1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64"
},
"product_reference": "python314-idle-3.14.0~a1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-tk-3.14.0~a1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64"
},
"product_reference": "python314-tk-3.14.0~a1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-tk-3.14.0~a1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le"
},
"product_reference": "python314-tk-3.14.0~a1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-tk-3.14.0~a1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x"
},
"product_reference": "python314-tk-3.14.0~a1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-tk-3.14.0~a1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64"
},
"product_reference": "python314-tk-3.14.0~a1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-x86-64-v3-3.14.0~a1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64"
},
"product_reference": "python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-x86-64-v3-3.14.0~a1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le"
},
"product_reference": "python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-x86-64-v3-3.14.0~a1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x"
},
"product_reference": "python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-x86-64-v3-3.14.0~a1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
},
"product_reference": "python314-x86-64-v3-3.14.0~a1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-3389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-3389"
}
],
"notes": [
{
"category": "general",
"text": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-3389",
"url": "https://www.suse.com/security/cve/CVE-2011-3389"
},
{
"category": "external",
"summary": "SUSE Bug 716002 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/716002"
},
{
"category": "external",
"summary": "SUSE Bug 719047 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/719047"
},
{
"category": "external",
"summary": "SUSE Bug 725167 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/725167"
},
{
"category": "external",
"summary": "SUSE Bug 726096 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/726096"
},
{
"category": "external",
"summary": "SUSE Bug 739248 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/739248"
},
{
"category": "external",
"summary": "SUSE Bug 739256 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/739256"
},
{
"category": "external",
"summary": "SUSE Bug 742306 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/742306"
},
{
"category": "external",
"summary": "SUSE Bug 751718 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/751718"
},
{
"category": "external",
"summary": "SUSE Bug 759666 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/759666"
},
{
"category": "external",
"summary": "SUSE Bug 763598 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/763598"
},
{
"category": "external",
"summary": "SUSE Bug 814655 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/814655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2011-3389"
},
{
"cve": "CVE-2011-4944",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-4944"
}
],
"notes": [
{
"category": "general",
"text": "Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-4944",
"url": "https://www.suse.com/security/cve/CVE-2011-4944"
},
{
"category": "external",
"summary": "SUSE Bug 754447 for CVE-2011-4944",
"url": "https://bugzilla.suse.com/754447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2011-4944"
},
{
"cve": "CVE-2012-0845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-0845"
}
],
"notes": [
{
"category": "general",
"text": "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-0845",
"url": "https://www.suse.com/security/cve/CVE-2012-0845"
},
{
"category": "external",
"summary": "SUSE Bug 747125 for CVE-2012-0845",
"url": "https://bugzilla.suse.com/747125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-0845"
},
{
"cve": "CVE-2012-1150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-1150"
}
],
"notes": [
{
"category": "general",
"text": "Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-1150",
"url": "https://www.suse.com/security/cve/CVE-2012-1150"
},
{
"category": "external",
"summary": "SUSE Bug 751718 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/751718"
},
{
"category": "external",
"summary": "SUSE Bug 755383 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/755383"
},
{
"category": "external",
"summary": "SUSE Bug 826682 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/826682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-1150"
},
{
"cve": "CVE-2013-1752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-1752"
}
],
"notes": [
{
"category": "general",
"text": "Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 \"Independently Fixable\" in the CVE Counting Decisions",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-1752",
"url": "https://www.suse.com/security/cve/CVE-2013-1752"
},
{
"category": "external",
"summary": "SUSE Bug 856835 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/856835"
},
{
"category": "external",
"summary": "SUSE Bug 856836 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/856836"
},
{
"category": "external",
"summary": "SUSE Bug 863741 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/863741"
},
{
"category": "external",
"summary": "SUSE Bug 885882 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/885882"
},
{
"category": "external",
"summary": "SUSE Bug 898572 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/898572"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-1752"
},
{
"cve": "CVE-2013-4238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-4238"
}
],
"notes": [
{
"category": "general",
"text": "The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-4238",
"url": "https://www.suse.com/security/cve/CVE-2013-4238"
},
{
"category": "external",
"summary": "SUSE Bug 834601 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/834601"
},
{
"category": "external",
"summary": "SUSE Bug 839107 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/839107"
},
{
"category": "external",
"summary": "SUSE Bug 882915 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/882915"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-4238"
},
{
"cve": "CVE-2014-2667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-2667"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-2667",
"url": "https://www.suse.com/security/cve/CVE-2014-2667"
},
{
"category": "external",
"summary": "SUSE Bug 871152 for CVE-2014-2667",
"url": "https://bugzilla.suse.com/871152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-2667"
},
{
"cve": "CVE-2014-4650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4650"
}
],
"notes": [
{
"category": "general",
"text": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4650",
"url": "https://www.suse.com/security/cve/CVE-2014-4650"
},
{
"category": "external",
"summary": "SUSE Bug 856835 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/856835"
},
{
"category": "external",
"summary": "SUSE Bug 856836 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/856836"
},
{
"category": "external",
"summary": "SUSE Bug 863741 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/863741"
},
{
"category": "external",
"summary": "SUSE Bug 885882 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/885882"
},
{
"category": "external",
"summary": "SUSE Bug 898572 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/898572"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-4650"
},
{
"cve": "CVE-2019-20907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20907"
}
],
"notes": [
{
"category": "general",
"text": "In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20907",
"url": "https://www.suse.com/security/cve/CVE-2019-20907"
},
{
"category": "external",
"summary": "SUSE Bug 1174091 for CVE-2019-20907",
"url": "https://bugzilla.suse.com/1174091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-20907"
},
{
"cve": "CVE-2019-5010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5010"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5010",
"url": "https://www.suse.com/security/cve/CVE-2019-5010"
},
{
"category": "external",
"summary": "SUSE Bug 1122191 for CVE-2019-5010",
"url": "https://bugzilla.suse.com/1122191"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2019-5010",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5010"
},
{
"cve": "CVE-2019-9947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9947"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9947",
"url": "https://www.suse.com/security/cve/CVE-2019-9947"
},
{
"category": "external",
"summary": "SUSE Bug 1130840 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1130840"
},
{
"category": "external",
"summary": "SUSE Bug 1136184 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1136184"
},
{
"category": "external",
"summary": "SUSE Bug 1155094 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1155094"
},
{
"category": "external",
"summary": "SUSE Bug 1201559 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1201559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-9947"
},
{
"cve": "CVE-2020-10735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10735"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10735",
"url": "https://www.suse.com/security/cve/CVE-2020-10735"
},
{
"category": "external",
"summary": "SUSE Bug 1203125 for CVE-2020-10735",
"url": "https://bugzilla.suse.com/1203125"
},
{
"category": "external",
"summary": "SUSE Bug 1204077 for CVE-2020-10735",
"url": "https://bugzilla.suse.com/1204077"
},
{
"category": "external",
"summary": "SUSE Bug 1204096 for CVE-2020-10735",
"url": "https://bugzilla.suse.com/1204096"
},
{
"category": "external",
"summary": "SUSE Bug 1204097 for CVE-2020-10735",
"url": "https://bugzilla.suse.com/1204097"
},
{
"category": "external",
"summary": "SUSE Bug 1205075 for CVE-2020-10735",
"url": "https://bugzilla.suse.com/1205075"
},
{
"category": "external",
"summary": "SUSE Bug 1208131 for CVE-2020-10735",
"url": "https://bugzilla.suse.com/1208131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-10735"
},
{
"cve": "CVE-2020-15523",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15523"
}
],
"notes": [
{
"category": "general",
"text": "In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15523",
"url": "https://www.suse.com/security/cve/CVE-2020-15523"
},
{
"category": "external",
"summary": "SUSE Bug 1173745 for CVE-2020-15523",
"url": "https://bugzilla.suse.com/1173745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15523"
},
{
"cve": "CVE-2020-15801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15801"
}
],
"notes": [
{
"category": "general",
"text": "In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The \u003cexecutable-name\u003e._pth file (e.g., the python._pth file) is not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15801",
"url": "https://www.suse.com/security/cve/CVE-2020-15801"
},
{
"category": "external",
"summary": "SUSE Bug 1174241 for CVE-2020-15801",
"url": "https://bugzilla.suse.com/1174241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2020-15801"
},
{
"cve": "CVE-2020-8492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8492"
}
],
"notes": [
{
"category": "general",
"text": "Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8492",
"url": "https://www.suse.com/security/cve/CVE-2020-8492"
},
{
"category": "external",
"summary": "SUSE Bug 1162367 for CVE-2020-8492",
"url": "https://bugzilla.suse.com/1162367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8492"
},
{
"cve": "CVE-2021-23336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23336"
}
],
"notes": [
{
"category": "general",
"text": "The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23336",
"url": "https://www.suse.com/security/cve/CVE-2021-23336"
},
{
"category": "external",
"summary": "SUSE Bug 1182179 for CVE-2021-23336",
"url": "https://bugzilla.suse.com/1182179"
},
{
"category": "external",
"summary": "SUSE Bug 1182379 for CVE-2021-23336",
"url": "https://bugzilla.suse.com/1182379"
},
{
"category": "external",
"summary": "SUSE Bug 1182433 for CVE-2021-23336",
"url": "https://bugzilla.suse.com/1182433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23336"
},
{
"cve": "CVE-2021-3177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3177"
}
],
"notes": [
{
"category": "general",
"text": "Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3177",
"url": "https://www.suse.com/security/cve/CVE-2021-3177"
},
{
"category": "external",
"summary": "SUSE Bug 1181126 for CVE-2021-3177",
"url": "https://bugzilla.suse.com/1181126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3177"
},
{
"cve": "CVE-2021-3426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3426"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a flaw in Python 3\u0027s pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3426",
"url": "https://www.suse.com/security/cve/CVE-2021-3426"
},
{
"category": "external",
"summary": "SUSE Bug 1183374 for CVE-2021-3426",
"url": "https://bugzilla.suse.com/1183374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3426"
},
{
"cve": "CVE-2022-25236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-25236"
}
],
"notes": [
{
"category": "general",
"text": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-25236",
"url": "https://www.suse.com/security/cve/CVE-2022-25236"
},
{
"category": "external",
"summary": "SUSE Bug 1196025 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1196025"
},
{
"category": "external",
"summary": "SUSE Bug 1196784 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1196784"
},
{
"category": "external",
"summary": "SUSE Bug 1197217 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1197217"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1201735 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1201735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-25236"
},
{
"cve": "CVE-2022-42919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42919"
}
],
"notes": [
{
"category": "general",
"text": "Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42919",
"url": "https://www.suse.com/security/cve/CVE-2022-42919"
},
{
"category": "external",
"summary": "SUSE Bug 1204886 for CVE-2022-42919",
"url": "https://bugzilla.suse.com/1204886"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-42919"
},
{
"cve": "CVE-2022-45061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-45061"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-45061",
"url": "https://www.suse.com/security/cve/CVE-2022-45061"
},
{
"category": "external",
"summary": "SUSE Bug 1205244 for CVE-2022-45061",
"url": "https://bugzilla.suse.com/1205244"
},
{
"category": "external",
"summary": "SUSE Bug 1211488 for CVE-2022-45061",
"url": "https://bugzilla.suse.com/1211488"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-45061"
},
{
"cve": "CVE-2023-0286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0286"
}
],
"notes": [
{
"category": "general",
"text": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0286",
"url": "https://www.suse.com/security/cve/CVE-2023-0286"
},
{
"category": "external",
"summary": "SUSE Bug 1207533 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1207533"
},
{
"category": "external",
"summary": "SUSE Bug 1207569 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1207569"
},
{
"category": "external",
"summary": "SUSE Bug 1211136 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1211136"
},
{
"category": "external",
"summary": "SUSE Bug 1211503 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1211503"
},
{
"category": "external",
"summary": "SUSE Bug 1213146 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1213146"
},
{
"category": "external",
"summary": "SUSE Bug 1214269 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1214269"
},
{
"category": "external",
"summary": "SUSE Bug 1218477 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1218477"
},
{
"category": "external",
"summary": "SUSE Bug 1218967 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1218967"
},
{
"category": "external",
"summary": "SUSE Bug 1225677 for CVE-2023-0286",
"url": "https://bugzilla.suse.com/1225677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2023-24329",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24329"
}
],
"notes": [
{
"category": "general",
"text": "An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24329",
"url": "https://www.suse.com/security/cve/CVE-2023-24329"
},
{
"category": "external",
"summary": "SUSE Bug 1208471 for CVE-2023-24329",
"url": "https://bugzilla.suse.com/1208471"
},
{
"category": "external",
"summary": "SUSE Bug 1213553 for CVE-2023-24329",
"url": "https://bugzilla.suse.com/1213553"
},
{
"category": "external",
"summary": "SUSE Bug 1213554 for CVE-2023-24329",
"url": "https://bugzilla.suse.com/1213554"
},
{
"category": "external",
"summary": "SUSE Bug 1213839 for CVE-2023-24329",
"url": "https://bugzilla.suse.com/1213839"
},
{
"category": "external",
"summary": "SUSE Bug 1225672 for CVE-2023-24329",
"url": "https://bugzilla.suse.com/1225672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-24329"
},
{
"cve": "CVE-2023-2650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2650"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with \u0027n\u0027 being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer\u0027s certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2650",
"url": "https://www.suse.com/security/cve/CVE-2023-2650"
},
{
"category": "external",
"summary": "SUSE Bug 1211430 for CVE-2023-2650",
"url": "https://bugzilla.suse.com/1211430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-2650"
},
{
"cve": "CVE-2023-27043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-27043"
}
],
"notes": [
{
"category": "general",
"text": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-27043",
"url": "https://www.suse.com/security/cve/CVE-2023-27043"
},
{
"category": "external",
"summary": "SUSE Bug 1210638 for CVE-2023-27043",
"url": "https://bugzilla.suse.com/1210638"
},
{
"category": "external",
"summary": "SUSE Bug 1222537 for CVE-2023-27043",
"url": "https://bugzilla.suse.com/1222537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-27043"
},
{
"cve": "CVE-2023-40217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-40217"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as \"not connected\" and won\u0027t initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-40217",
"url": "https://www.suse.com/security/cve/CVE-2023-40217"
},
{
"category": "external",
"summary": "SUSE Bug 1214692 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1214692"
},
{
"category": "external",
"summary": "SUSE Bug 1217524 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1217524"
},
{
"category": "external",
"summary": "SUSE Bug 1218319 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1218319"
},
{
"category": "external",
"summary": "SUSE Bug 1218476 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1218476"
},
{
"category": "external",
"summary": "SUSE Bug 1218965 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1218965"
},
{
"category": "external",
"summary": "SUSE Bug 1219472 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1219472"
},
{
"category": "external",
"summary": "SUSE Bug 1219713 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1219713"
},
{
"category": "external",
"summary": "SUSE Bug 1221582 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1221582"
},
{
"category": "external",
"summary": "SUSE Bug 1224883 for CVE-2023-40217",
"url": "https://bugzilla.suse.com/1224883"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-40217"
},
{
"cve": "CVE-2023-52425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52425"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52425",
"url": "https://www.suse.com/security/cve/CVE-2023-52425"
},
{
"category": "external",
"summary": "SUSE Bug 1219559 for CVE-2023-52425",
"url": "https://bugzilla.suse.com/1219559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2024-4030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4030"
}
],
"notes": [
{
"category": "general",
"text": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you\u0027re not using Windows or haven\u0027t changed the temporary directory location then you aren\u0027t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \"700\" for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4030",
"url": "https://www.suse.com/security/cve/CVE-2024-4030"
},
{
"category": "external",
"summary": "SUSE Bug 1227152 for CVE-2024-4030",
"url": "https://bugzilla.suse.com/1227152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-4030"
},
{
"cve": "CVE-2024-4032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4032"
}
],
"notes": [
{
"category": "general",
"text": "The \"ipaddress\" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \"globally reachable\" or \"private\". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u0027t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4032",
"url": "https://www.suse.com/security/cve/CVE-2024-4032"
},
{
"category": "external",
"summary": "SUSE Bug 1226448 for CVE-2024-4032",
"url": "https://bugzilla.suse.com/1226448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2024-4032"
},
{
"cve": "CVE-2024-6232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6232"
}
],
"notes": [
{
"category": "general",
"text": "There is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6232",
"url": "https://www.suse.com/security/cve/CVE-2024-6232"
},
{
"category": "external",
"summary": "SUSE Bug 1230227 for CVE-2024-6232",
"url": "https://bugzilla.suse.com/1230227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-6232"
},
{
"cve": "CVE-2024-6923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6923"
}
],
"notes": [
{
"category": "general",
"text": "There is a MEDIUM severity vulnerability affecting CPython.\n\nThe \nemail module didn\u0027t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6923",
"url": "https://www.suse.com/security/cve/CVE-2024-6923"
},
{
"category": "external",
"summary": "SUSE Bug 1228780 for CVE-2024-6923",
"url": "https://bugzilla.suse.com/1228780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-6923"
},
{
"cve": "CVE-2024-7592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-7592"
}
],
"notes": [
{
"category": "general",
"text": "There is a LOW severity vulnerability affecting CPython, specifically the\n\u0027http.cookies\u0027 standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-7592",
"url": "https://www.suse.com/security/cve/CVE-2024-7592"
},
{
"category": "external",
"summary": "SUSE Bug 1229596 for CVE-2024-7592",
"url": "https://bugzilla.suse.com/1229596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2024-8088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-8088"
}
],
"notes": [
{
"category": "general",
"text": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\"\nmodule affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected.\n\n\n\n\n\nWhen iterating over names of entries in a zip archive (for example, methods\nof \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc)\nthe process can be put into an infinite loop with a maliciously crafted\nzip archive. This defect applies when reading only metadata or extracting\nthe contents of the zip archive. Programs that are not handling\nuser-controlled zip archives are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-8088",
"url": "https://www.suse.com/security/cve/CVE-2024-8088"
},
{
"category": "external",
"summary": "SUSE Bug 1229704 for CVE-2024-8088",
"url": "https://bugzilla.suse.com/1229704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-8088"
}
]
}
opensuse-su-2024:14346-1
Vulnerability from csaf_opensuse
Published
2024-09-18 00:00
Modified
2024-09-18 00:00
Summary
python311-3.11.9-7.1 on GA media
Notes
Title of the patch
python311-3.11.9-7.1 on GA media
Description of the patch
These are all security issues fixed in the python311-3.11.9-7.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14346
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-3.11.9-7.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-3.11.9-7.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14346",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14346-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:14346-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UBWVORMJLTP5YM7GG2KA4LSPGF6N5YVF/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:14346-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UBWVORMJLTP5YM7GG2KA4LSPGF6N5YVF/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4030 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6232 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-7592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-7592/"
}
],
"title": "python311-3.11.9-7.1 on GA media",
"tracking": {
"current_release_date": "2024-09-18T00:00:00Z",
"generator": {
"date": "2024-09-18T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14346-1",
"initial_release_date": "2024-09-18T00:00:00Z",
"revision_history": [
{
"date": "2024-09-18T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-3.11.9-7.1.aarch64",
"product": {
"name": "python311-3.11.9-7.1.aarch64",
"product_id": "python311-3.11.9-7.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-32bit-3.11.10-1.1.aarch64",
"product": {
"name": "python311-32bit-3.11.10-1.1.aarch64",
"product_id": "python311-32bit-3.11.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.9-7.1.aarch64",
"product": {
"name": "python311-curses-3.11.9-7.1.aarch64",
"product_id": "python311-curses-3.11.9-7.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-dbm-3.11.9-7.1.aarch64",
"product": {
"name": "python311-dbm-3.11.9-7.1.aarch64",
"product_id": "python311-dbm-3.11.9-7.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-idle-3.11.9-7.1.aarch64",
"product": {
"name": "python311-idle-3.11.9-7.1.aarch64",
"product_id": "python311-idle-3.11.9-7.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-tk-3.11.9-7.1.aarch64",
"product": {
"name": "python311-tk-3.11.9-7.1.aarch64",
"product_id": "python311-tk-3.11.9-7.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-x86-64-v3-3.11.9-7.1.aarch64",
"product": {
"name": "python311-x86-64-v3-3.11.9-7.1.aarch64",
"product_id": "python311-x86-64-v3-3.11.9-7.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-3.11.9-7.1.ppc64le",
"product": {
"name": "python311-3.11.9-7.1.ppc64le",
"product_id": "python311-3.11.9-7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-32bit-3.11.10-1.1.ppc64le",
"product": {
"name": "python311-32bit-3.11.10-1.1.ppc64le",
"product_id": "python311-32bit-3.11.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.9-7.1.ppc64le",
"product": {
"name": "python311-curses-3.11.9-7.1.ppc64le",
"product_id": "python311-curses-3.11.9-7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-dbm-3.11.9-7.1.ppc64le",
"product": {
"name": "python311-dbm-3.11.9-7.1.ppc64le",
"product_id": "python311-dbm-3.11.9-7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-idle-3.11.9-7.1.ppc64le",
"product": {
"name": "python311-idle-3.11.9-7.1.ppc64le",
"product_id": "python311-idle-3.11.9-7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-tk-3.11.9-7.1.ppc64le",
"product": {
"name": "python311-tk-3.11.9-7.1.ppc64le",
"product_id": "python311-tk-3.11.9-7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-x86-64-v3-3.11.9-7.1.ppc64le",
"product": {
"name": "python311-x86-64-v3-3.11.9-7.1.ppc64le",
"product_id": "python311-x86-64-v3-3.11.9-7.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-3.11.9-7.1.s390x",
"product": {
"name": "python311-3.11.9-7.1.s390x",
"product_id": "python311-3.11.9-7.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-32bit-3.11.10-1.1.s390x",
"product": {
"name": "python311-32bit-3.11.10-1.1.s390x",
"product_id": "python311-32bit-3.11.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.9-7.1.s390x",
"product": {
"name": "python311-curses-3.11.9-7.1.s390x",
"product_id": "python311-curses-3.11.9-7.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-dbm-3.11.9-7.1.s390x",
"product": {
"name": "python311-dbm-3.11.9-7.1.s390x",
"product_id": "python311-dbm-3.11.9-7.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-idle-3.11.9-7.1.s390x",
"product": {
"name": "python311-idle-3.11.9-7.1.s390x",
"product_id": "python311-idle-3.11.9-7.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-tk-3.11.9-7.1.s390x",
"product": {
"name": "python311-tk-3.11.9-7.1.s390x",
"product_id": "python311-tk-3.11.9-7.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-x86-64-v3-3.11.9-7.1.s390x",
"product": {
"name": "python311-x86-64-v3-3.11.9-7.1.s390x",
"product_id": "python311-x86-64-v3-3.11.9-7.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-3.11.9-7.1.x86_64",
"product": {
"name": "python311-3.11.9-7.1.x86_64",
"product_id": "python311-3.11.9-7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-32bit-3.11.10-1.1.x86_64",
"product": {
"name": "python311-32bit-3.11.10-1.1.x86_64",
"product_id": "python311-32bit-3.11.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.9-7.1.x86_64",
"product": {
"name": "python311-curses-3.11.9-7.1.x86_64",
"product_id": "python311-curses-3.11.9-7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-dbm-3.11.9-7.1.x86_64",
"product": {
"name": "python311-dbm-3.11.9-7.1.x86_64",
"product_id": "python311-dbm-3.11.9-7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-idle-3.11.9-7.1.x86_64",
"product": {
"name": "python311-idle-3.11.9-7.1.x86_64",
"product_id": "python311-idle-3.11.9-7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-tk-3.11.9-7.1.x86_64",
"product": {
"name": "python311-tk-3.11.9-7.1.x86_64",
"product_id": "python311-tk-3.11.9-7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-x86-64-v3-3.11.9-7.1.x86_64",
"product": {
"name": "python311-x86-64-v3-3.11.9-7.1.x86_64",
"product_id": "python311-x86-64-v3-3.11.9-7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.9-7.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-3.11.9-7.1.aarch64"
},
"product_reference": "python311-3.11.9-7.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.9-7.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-3.11.9-7.1.ppc64le"
},
"product_reference": "python311-3.11.9-7.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.9-7.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-3.11.9-7.1.s390x"
},
"product_reference": "python311-3.11.9-7.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.9-7.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-3.11.9-7.1.x86_64"
},
"product_reference": "python311-3.11.9-7.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-32bit-3.11.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.aarch64"
},
"product_reference": "python311-32bit-3.11.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-32bit-3.11.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.ppc64le"
},
"product_reference": "python311-32bit-3.11.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-32bit-3.11.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.s390x"
},
"product_reference": "python311-32bit-3.11.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-32bit-3.11.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.x86_64"
},
"product_reference": "python311-32bit-3.11.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-curses-3.11.9-7.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-curses-3.11.9-7.1.aarch64"
},
"product_reference": "python311-curses-3.11.9-7.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-curses-3.11.9-7.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-curses-3.11.9-7.1.ppc64le"
},
"product_reference": "python311-curses-3.11.9-7.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-curses-3.11.9-7.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-curses-3.11.9-7.1.s390x"
},
"product_reference": "python311-curses-3.11.9-7.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-curses-3.11.9-7.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-curses-3.11.9-7.1.x86_64"
},
"product_reference": "python311-curses-3.11.9-7.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-dbm-3.11.9-7.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.aarch64"
},
"product_reference": "python311-dbm-3.11.9-7.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-dbm-3.11.9-7.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.ppc64le"
},
"product_reference": "python311-dbm-3.11.9-7.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-dbm-3.11.9-7.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.s390x"
},
"product_reference": "python311-dbm-3.11.9-7.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-dbm-3.11.9-7.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.x86_64"
},
"product_reference": "python311-dbm-3.11.9-7.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-idle-3.11.9-7.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-idle-3.11.9-7.1.aarch64"
},
"product_reference": "python311-idle-3.11.9-7.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-idle-3.11.9-7.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-idle-3.11.9-7.1.ppc64le"
},
"product_reference": "python311-idle-3.11.9-7.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-idle-3.11.9-7.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-idle-3.11.9-7.1.s390x"
},
"product_reference": "python311-idle-3.11.9-7.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-idle-3.11.9-7.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-idle-3.11.9-7.1.x86_64"
},
"product_reference": "python311-idle-3.11.9-7.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-tk-3.11.9-7.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-tk-3.11.9-7.1.aarch64"
},
"product_reference": "python311-tk-3.11.9-7.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-tk-3.11.9-7.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-tk-3.11.9-7.1.ppc64le"
},
"product_reference": "python311-tk-3.11.9-7.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-tk-3.11.9-7.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-tk-3.11.9-7.1.s390x"
},
"product_reference": "python311-tk-3.11.9-7.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-tk-3.11.9-7.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-tk-3.11.9-7.1.x86_64"
},
"product_reference": "python311-tk-3.11.9-7.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-x86-64-v3-3.11.9-7.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.aarch64"
},
"product_reference": "python311-x86-64-v3-3.11.9-7.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-x86-64-v3-3.11.9-7.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.ppc64le"
},
"product_reference": "python311-x86-64-v3-3.11.9-7.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-x86-64-v3-3.11.9-7.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.s390x"
},
"product_reference": "python311-x86-64-v3-3.11.9-7.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-x86-64-v3-3.11.9-7.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.x86_64"
},
"product_reference": "python311-x86-64-v3-3.11.9-7.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-4030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4030"
}
],
"notes": [
{
"category": "general",
"text": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you\u0027re not using Windows or haven\u0027t changed the temporary directory location then you aren\u0027t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \"700\" for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.aarch64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.ppc64le",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.s390x",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.x86_64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4030",
"url": "https://www.suse.com/security/cve/CVE-2024-4030"
},
{
"category": "external",
"summary": "SUSE Bug 1227152 for CVE-2024-4030",
"url": "https://bugzilla.suse.com/1227152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.aarch64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.ppc64le",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.s390x",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.x86_64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.aarch64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.ppc64le",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.s390x",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.x86_64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-4030"
},
{
"cve": "CVE-2024-6232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6232"
}
],
"notes": [
{
"category": "general",
"text": "There is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.aarch64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.ppc64le",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.s390x",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.x86_64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6232",
"url": "https://www.suse.com/security/cve/CVE-2024-6232"
},
{
"category": "external",
"summary": "SUSE Bug 1230227 for CVE-2024-6232",
"url": "https://bugzilla.suse.com/1230227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.aarch64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.ppc64le",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.s390x",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.x86_64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.aarch64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.ppc64le",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.s390x",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.x86_64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-6232"
},
{
"cve": "CVE-2024-7592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-7592"
}
],
"notes": [
{
"category": "general",
"text": "There is a LOW severity vulnerability affecting CPython, specifically the\n\u0027http.cookies\u0027 standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.aarch64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.ppc64le",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.s390x",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.x86_64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-7592",
"url": "https://www.suse.com/security/cve/CVE-2024-7592"
},
{
"category": "external",
"summary": "SUSE Bug 1229596 for CVE-2024-7592",
"url": "https://bugzilla.suse.com/1229596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.aarch64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.ppc64le",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.s390x",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.x86_64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.aarch64",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.ppc64le",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.s390x",
"openSUSE Tumbleweed:python311-32bit-3.11.10-1.1.x86_64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-curses-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-dbm-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-idle-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-tk-3.11.9-7.1.x86_64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.aarch64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.ppc64le",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.s390x",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.9-7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-7592"
}
]
}
opensuse-su-2024:14331-1
Vulnerability from csaf_opensuse
Published
2024-09-10 00:00
Modified
2024-09-10 00:00
Summary
python39-3.9.20-1.1 on GA media
Notes
Title of the patch
python39-3.9.20-1.1 on GA media
Description of the patch
These are all security issues fixed in the python39-3.9.20-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14331
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python39-3.9.20-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python39-3.9.20-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14331",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14331-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4030 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4030/"
}
],
"title": "python39-3.9.20-1.1 on GA media",
"tracking": {
"current_release_date": "2024-09-10T00:00:00Z",
"generator": {
"date": "2024-09-10T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14331-1",
"initial_release_date": "2024-09-10T00:00:00Z",
"revision_history": [
{
"date": "2024-09-10T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python39-3.9.20-1.1.aarch64",
"product": {
"name": "python39-3.9.20-1.1.aarch64",
"product_id": "python39-3.9.20-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.20-1.1.aarch64",
"product": {
"name": "python39-curses-3.9.20-1.1.aarch64",
"product_id": "python39-curses-3.9.20-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.20-1.1.aarch64",
"product": {
"name": "python39-dbm-3.9.20-1.1.aarch64",
"product_id": "python39-dbm-3.9.20-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.20-1.1.aarch64",
"product": {
"name": "python39-idle-3.9.20-1.1.aarch64",
"product_id": "python39-idle-3.9.20-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.20-1.1.aarch64",
"product": {
"name": "python39-tk-3.9.20-1.1.aarch64",
"product_id": "python39-tk-3.9.20-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-3.9.20-1.1.ppc64le",
"product": {
"name": "python39-3.9.20-1.1.ppc64le",
"product_id": "python39-3.9.20-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.20-1.1.ppc64le",
"product": {
"name": "python39-curses-3.9.20-1.1.ppc64le",
"product_id": "python39-curses-3.9.20-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.20-1.1.ppc64le",
"product": {
"name": "python39-dbm-3.9.20-1.1.ppc64le",
"product_id": "python39-dbm-3.9.20-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.20-1.1.ppc64le",
"product": {
"name": "python39-idle-3.9.20-1.1.ppc64le",
"product_id": "python39-idle-3.9.20-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.20-1.1.ppc64le",
"product": {
"name": "python39-tk-3.9.20-1.1.ppc64le",
"product_id": "python39-tk-3.9.20-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-3.9.20-1.1.s390x",
"product": {
"name": "python39-3.9.20-1.1.s390x",
"product_id": "python39-3.9.20-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.20-1.1.s390x",
"product": {
"name": "python39-curses-3.9.20-1.1.s390x",
"product_id": "python39-curses-3.9.20-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.20-1.1.s390x",
"product": {
"name": "python39-dbm-3.9.20-1.1.s390x",
"product_id": "python39-dbm-3.9.20-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.20-1.1.s390x",
"product": {
"name": "python39-idle-3.9.20-1.1.s390x",
"product_id": "python39-idle-3.9.20-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.20-1.1.s390x",
"product": {
"name": "python39-tk-3.9.20-1.1.s390x",
"product_id": "python39-tk-3.9.20-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-3.9.20-1.1.x86_64",
"product": {
"name": "python39-3.9.20-1.1.x86_64",
"product_id": "python39-3.9.20-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.20-1.1.x86_64",
"product": {
"name": "python39-curses-3.9.20-1.1.x86_64",
"product_id": "python39-curses-3.9.20-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.20-1.1.x86_64",
"product": {
"name": "python39-dbm-3.9.20-1.1.x86_64",
"product_id": "python39-dbm-3.9.20-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.20-1.1.x86_64",
"product": {
"name": "python39-idle-3.9.20-1.1.x86_64",
"product_id": "python39-idle-3.9.20-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.20-1.1.x86_64",
"product": {
"name": "python39-tk-3.9.20-1.1.x86_64",
"product_id": "python39-tk-3.9.20-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.20-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-3.9.20-1.1.aarch64"
},
"product_reference": "python39-3.9.20-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.20-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-3.9.20-1.1.ppc64le"
},
"product_reference": "python39-3.9.20-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.20-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-3.9.20-1.1.s390x"
},
"product_reference": "python39-3.9.20-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.20-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-3.9.20-1.1.x86_64"
},
"product_reference": "python39-3.9.20-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.20-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-curses-3.9.20-1.1.aarch64"
},
"product_reference": "python39-curses-3.9.20-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.20-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-curses-3.9.20-1.1.ppc64le"
},
"product_reference": "python39-curses-3.9.20-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.20-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-curses-3.9.20-1.1.s390x"
},
"product_reference": "python39-curses-3.9.20-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.20-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-curses-3.9.20-1.1.x86_64"
},
"product_reference": "python39-curses-3.9.20-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.20-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-dbm-3.9.20-1.1.aarch64"
},
"product_reference": "python39-dbm-3.9.20-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.20-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-dbm-3.9.20-1.1.ppc64le"
},
"product_reference": "python39-dbm-3.9.20-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.20-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-dbm-3.9.20-1.1.s390x"
},
"product_reference": "python39-dbm-3.9.20-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.20-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-dbm-3.9.20-1.1.x86_64"
},
"product_reference": "python39-dbm-3.9.20-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.20-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-idle-3.9.20-1.1.aarch64"
},
"product_reference": "python39-idle-3.9.20-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.20-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-idle-3.9.20-1.1.ppc64le"
},
"product_reference": "python39-idle-3.9.20-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.20-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-idle-3.9.20-1.1.s390x"
},
"product_reference": "python39-idle-3.9.20-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.20-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-idle-3.9.20-1.1.x86_64"
},
"product_reference": "python39-idle-3.9.20-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.20-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-tk-3.9.20-1.1.aarch64"
},
"product_reference": "python39-tk-3.9.20-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.20-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-tk-3.9.20-1.1.ppc64le"
},
"product_reference": "python39-tk-3.9.20-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.20-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-tk-3.9.20-1.1.s390x"
},
"product_reference": "python39-tk-3.9.20-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.20-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-tk-3.9.20-1.1.x86_64"
},
"product_reference": "python39-tk-3.9.20-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-4030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4030"
}
],
"notes": [
{
"category": "general",
"text": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you\u0027re not using Windows or haven\u0027t changed the temporary directory location then you aren\u0027t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \"700\" for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python39-3.9.20-1.1.aarch64",
"openSUSE Tumbleweed:python39-3.9.20-1.1.ppc64le",
"openSUSE Tumbleweed:python39-3.9.20-1.1.s390x",
"openSUSE Tumbleweed:python39-3.9.20-1.1.x86_64",
"openSUSE Tumbleweed:python39-curses-3.9.20-1.1.aarch64",
"openSUSE Tumbleweed:python39-curses-3.9.20-1.1.ppc64le",
"openSUSE Tumbleweed:python39-curses-3.9.20-1.1.s390x",
"openSUSE Tumbleweed:python39-curses-3.9.20-1.1.x86_64",
"openSUSE Tumbleweed:python39-dbm-3.9.20-1.1.aarch64",
"openSUSE Tumbleweed:python39-dbm-3.9.20-1.1.ppc64le",
"openSUSE Tumbleweed:python39-dbm-3.9.20-1.1.s390x",
"openSUSE Tumbleweed:python39-dbm-3.9.20-1.1.x86_64",
"openSUSE Tumbleweed:python39-idle-3.9.20-1.1.aarch64",
"openSUSE Tumbleweed:python39-idle-3.9.20-1.1.ppc64le",
"openSUSE Tumbleweed:python39-idle-3.9.20-1.1.s390x",
"openSUSE Tumbleweed:python39-idle-3.9.20-1.1.x86_64",
"openSUSE Tumbleweed:python39-tk-3.9.20-1.1.aarch64",
"openSUSE Tumbleweed:python39-tk-3.9.20-1.1.ppc64le",
"openSUSE Tumbleweed:python39-tk-3.9.20-1.1.s390x",
"openSUSE Tumbleweed:python39-tk-3.9.20-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4030",
"url": "https://www.suse.com/security/cve/CVE-2024-4030"
},
{
"category": "external",
"summary": "SUSE Bug 1227152 for CVE-2024-4030",
"url": "https://bugzilla.suse.com/1227152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python39-3.9.20-1.1.aarch64",
"openSUSE Tumbleweed:python39-3.9.20-1.1.ppc64le",
"openSUSE Tumbleweed:python39-3.9.20-1.1.s390x",
"openSUSE Tumbleweed:python39-3.9.20-1.1.x86_64",
"openSUSE Tumbleweed:python39-curses-3.9.20-1.1.aarch64",
"openSUSE Tumbleweed:python39-curses-3.9.20-1.1.ppc64le",
"openSUSE Tumbleweed:python39-curses-3.9.20-1.1.s390x",
"openSUSE Tumbleweed:python39-curses-3.9.20-1.1.x86_64",
"openSUSE Tumbleweed:python39-dbm-3.9.20-1.1.aarch64",
"openSUSE Tumbleweed:python39-dbm-3.9.20-1.1.ppc64le",
"openSUSE Tumbleweed:python39-dbm-3.9.20-1.1.s390x",
"openSUSE Tumbleweed:python39-dbm-3.9.20-1.1.x86_64",
"openSUSE Tumbleweed:python39-idle-3.9.20-1.1.aarch64",
"openSUSE Tumbleweed:python39-idle-3.9.20-1.1.ppc64le",
"openSUSE Tumbleweed:python39-idle-3.9.20-1.1.s390x",
"openSUSE Tumbleweed:python39-idle-3.9.20-1.1.x86_64",
"openSUSE Tumbleweed:python39-tk-3.9.20-1.1.aarch64",
"openSUSE Tumbleweed:python39-tk-3.9.20-1.1.ppc64le",
"openSUSE Tumbleweed:python39-tk-3.9.20-1.1.s390x",
"openSUSE Tumbleweed:python39-tk-3.9.20-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python39-3.9.20-1.1.aarch64",
"openSUSE Tumbleweed:python39-3.9.20-1.1.ppc64le",
"openSUSE Tumbleweed:python39-3.9.20-1.1.s390x",
"openSUSE Tumbleweed:python39-3.9.20-1.1.x86_64",
"openSUSE Tumbleweed:python39-curses-3.9.20-1.1.aarch64",
"openSUSE Tumbleweed:python39-curses-3.9.20-1.1.ppc64le",
"openSUSE Tumbleweed:python39-curses-3.9.20-1.1.s390x",
"openSUSE Tumbleweed:python39-curses-3.9.20-1.1.x86_64",
"openSUSE Tumbleweed:python39-dbm-3.9.20-1.1.aarch64",
"openSUSE Tumbleweed:python39-dbm-3.9.20-1.1.ppc64le",
"openSUSE Tumbleweed:python39-dbm-3.9.20-1.1.s390x",
"openSUSE Tumbleweed:python39-dbm-3.9.20-1.1.x86_64",
"openSUSE Tumbleweed:python39-idle-3.9.20-1.1.aarch64",
"openSUSE Tumbleweed:python39-idle-3.9.20-1.1.ppc64le",
"openSUSE Tumbleweed:python39-idle-3.9.20-1.1.s390x",
"openSUSE Tumbleweed:python39-idle-3.9.20-1.1.x86_64",
"openSUSE Tumbleweed:python39-tk-3.9.20-1.1.aarch64",
"openSUSE Tumbleweed:python39-tk-3.9.20-1.1.ppc64le",
"openSUSE Tumbleweed:python39-tk-3.9.20-1.1.s390x",
"openSUSE Tumbleweed:python39-tk-3.9.20-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-4030"
}
]
}
ncsc-2025-0021
Vulnerability from csaf_ncscnl
Published
2025-01-22 13:30
Modified
2025-01-22 13:30
Summary
Kwetsbaarheden verholpen in Oracle Communications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communicatieproducten, waaronder Oracle Communications Unified Assurance, Oracle Communications Cloud Native Core Network Function en Oracle Communications Order and Service Management.
Interpretaties
De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om Denial of Service (DoS) aanvallen uit te voeren of om ongeautoriseerde toegang tot gevoelige gegevens te verkrijgen. Specifieke versies, zoals 24.2.0 en 24.3.0 van de Cloud Native Core Network Function, zijn bijzonder kwetsbaar. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door speciaal geprepareerde HTTP-verzoeken te sturen naar het kwetsbare systeem.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-1395
Dependency on Vulnerable Third-Party Component
CWE-670
Always-Incorrect Control Flow Implementation
CWE-405
Asymmetric Resource Consumption (Amplification)
CWE-35
Path Traversal: '.../...//'
CWE-466
Return of Pointer Value Outside of Expected Range
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CWE-676
Use of Potentially Dangerous Function
CWE-606
Unchecked Input for Loop Condition
CWE-450
Multiple Interpretations of UI Input
CWE-131
Incorrect Calculation of Buffer Size
CWE-328
Use of Weak Hash
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-669
Incorrect Resource Transfer Between Spheres
CWE-1220
Insufficient Granularity of Access Control
CWE-201
Insertion of Sensitive Information Into Sent Data
CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-755
Improper Handling of Exceptional Conditions
CWE-347
Improper Verification of Cryptographic Signature
CWE-834
Excessive Iteration
CWE-178
Improper Handling of Case Sensitivity
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-440
Expected Behavior Violation
CWE-415
Double Free
CWE-311
Missing Encryption of Sensitive Data
CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-703
Improper Check or Handling of Exceptional Conditions
CWE-617
Reachable Assertion
CWE-427
Uncontrolled Search Path Element
CWE-836
Use of Password Hash Instead of Password for Authentication
CWE-680
Integer Overflow to Buffer Overflow
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-23
Relative Path Traversal
CWE-116
Improper Encoding or Escaping of Output
CWE-345
Insufficient Verification of Data Authenticity
CWE-203
Observable Discrepancy
CWE-354
Improper Validation of Integrity Check Value
CWE-325
Missing Cryptographic Step
CWE-190
Integer Overflow or Wraparound
CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE-61
UNIX Symbolic Link (Symlink) Following
CWE-552
Files or Directories Accessible to External Parties
CWE-639
Authorization Bypass Through User-Controlled Key
CWE-798
Use of Hard-coded Credentials
CWE-434
Unrestricted Upload of File with Dangerous Type
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-404
Improper Resource Shutdown or Release
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333
Inefficient Regular Expression Complexity
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-248
Uncaught Exception
CWE-674
Uncontrolled Recursion
CWE-863
Incorrect Authorization
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-611
Improper Restriction of XML External Entity Reference
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-269
Improper Privilege Management
CWE-20
Improper Input Validation
CWE-209
Generation of Error Message Containing Sensitive Information
CWE-276
Incorrect Default Permissions
CWE-294
Authentication Bypass by Capture-replay
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communicatieproducten, waaronder Oracle Communications Unified Assurance, Oracle Communications Cloud Native Core Network Function en Oracle Communications Order and Service Management.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om Denial of Service (DoS) aanvallen uit te voeren of om ongeautoriseerde toegang tot gevoelige gegevens te verkrijgen. Specifieke versies, zoals 24.2.0 en 24.3.0 van de Cloud Native Core Network Function, zijn bijzonder kwetsbaar. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door speciaal geprepareerde HTTP-verzoeken te sturen naar het kwetsbare systeem.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Dependency on Vulnerable Third-Party Component",
"title": "CWE-1395"
},
{
"category": "general",
"text": "Always-Incorrect Control Flow Implementation",
"title": "CWE-670"
},
{
"category": "general",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
},
{
"category": "general",
"text": "Path Traversal: \u0027.../...//\u0027",
"title": "CWE-35"
},
{
"category": "general",
"text": "Return of Pointer Value Outside of Expected Range",
"title": "CWE-466"
},
{
"category": "general",
"text": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"title": "CWE-338"
},
{
"category": "general",
"text": "Use of Potentially Dangerous Function",
"title": "CWE-676"
},
{
"category": "general",
"text": "Unchecked Input for Loop Condition",
"title": "CWE-606"
},
{
"category": "general",
"text": "Multiple Interpretations of UI Input",
"title": "CWE-450"
},
{
"category": "general",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
},
{
"category": "general",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "general",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "general",
"text": "Incorrect Resource Transfer Between Spheres",
"title": "CWE-669"
},
{
"category": "general",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Acceptance of Extraneous Untrusted Data With Trusted Data",
"title": "CWE-349"
},
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "general",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "general",
"text": "Excessive Iteration",
"title": "CWE-834"
},
{
"category": "general",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "general",
"text": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
"title": "CWE-924"
},
{
"category": "general",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "general",
"text": "Reachable Assertion",
"title": "CWE-617"
},
{
"category": "general",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
},
{
"category": "general",
"text": "Use of Password Hash Instead of Password for Authentication",
"title": "CWE-836"
},
{
"category": "general",
"text": "Integer Overflow to Buffer Overflow",
"title": "CWE-680"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "general",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
},
{
"category": "general",
"text": "Observable Discrepancy",
"title": "CWE-203"
},
{
"category": "general",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
},
{
"category": "general",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "User Interface (UI) Misrepresentation of Critical Information",
"title": "CWE-451"
},
{
"category": "general",
"text": "UNIX Symbolic Link (Symlink) Following",
"title": "CWE-61"
},
{
"category": "general",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
},
{
"category": "general",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
},
{
"category": "general",
"text": "Use of Hard-coded Credentials",
"title": "CWE-798"
},
{
"category": "general",
"text": "Unrestricted Upload of File with Dangerous Type",
"title": "CWE-434"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Use of a Broken or Risky Cryptographic Algorithm",
"title": "CWE-327"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Uncaught Exception",
"title": "CWE-248"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "general",
"text": "Incorrect Default Permissions",
"title": "CWE-276"
},
{
"category": "general",
"text": "Authentication Bypass by Capture-replay",
"title": "CWE-294"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications",
"tracking": {
"current_release_date": "2025-01-22T13:30:50.189632Z",
"id": "NCSC-2025-0021",
"initial_release_date": "2025-01-22T13:30:50.189632Z",
"revision_history": [
{
"date": "2025-01-22T13:30:50.189632Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1727475",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635313",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:10.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635305",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:12.11.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635311",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:12.11.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635312",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:12.11.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635323",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:12.6.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1670430",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:14.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1674632",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:14.0.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1674630",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:14.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635320",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1674633",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:17.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1670439",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635322",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1670429",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1670435",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:23.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1670431",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1670436",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1670432",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:23.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635321",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635310",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635318",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1674640",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:23.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1674642",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:23.4.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1670434",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:24.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635316",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1674639",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:24.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635314",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1674638",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:24.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1674637",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:24.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635306",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:4.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635307",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:4.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635317",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:46.6.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635319",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:46.6.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1670438",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635324",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:5.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635315",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:5.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1670433",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:9.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1674641",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:9.0.1.10.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1674635",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:9.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1674636",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:9.1.1.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1670437",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:9.1.1.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1674631",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:9.1.1.9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1674634",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:9.1.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635308",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:9.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications",
"product": {
"name": "communications",
"product_id": "CSAFPID-1635309",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications:9.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications__10.4.0.4",
"product": {
"name": "communications__10.4.0.4",
"product_id": "CSAFPID-1674629",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications__10.4.0.4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications___23.4.2",
"product": {
"name": "communications___23.4.2",
"product_id": "CSAFPID-1670442",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications___23.4.2:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications___23.4.3",
"product": {
"name": "communications___23.4.3",
"product_id": "CSAFPID-1635325",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications___23.4.3:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications___23.4.4",
"product": {
"name": "communications___23.4.4",
"product_id": "CSAFPID-1635326",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications___23.4.4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications___23.4.5",
"product": {
"name": "communications___23.4.5",
"product_id": "CSAFPID-1674645",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications___23.4.5:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications___23.4.6",
"product": {
"name": "communications___23.4.6",
"product_id": "CSAFPID-1674646",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications___23.4.6:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications___24.2.0",
"product": {
"name": "communications___24.2.0",
"product_id": "CSAFPID-1674644",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications___24.2.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications___7.2.1.0.0",
"product": {
"name": "communications___7.2.1.0.0",
"product_id": "CSAFPID-1670441",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications___7.2.1.0.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications___8.6.0.6",
"product": {
"name": "communications___8.6.0.6",
"product_id": "CSAFPID-1635327",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications___8.6.0.6:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications___8.6.0.8",
"product": {
"name": "communications___8.6.0.8",
"product_id": "CSAFPID-1635328",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications___8.6.0.8:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications___9.0.2",
"product": {
"name": "communications___9.0.2",
"product_id": "CSAFPID-1670440",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications___9.0.2:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications___9.0.3",
"product": {
"name": "communications___9.0.3",
"product_id": "CSAFPID-1635329",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications___9.0.3:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications___9.1.1.8.0",
"product": {
"name": "communications___9.1.1.8.0",
"product_id": "CSAFPID-1674643",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications___9.1.1.8.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1751386",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1674621",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1751381",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:15.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1751383",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:15.0.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1751378",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1751377",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1751385",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1674618",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1674619",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:7.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1674622",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:7.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1751384",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:7.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1674617",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1674623",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:7.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1751382",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:8.0.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1751380",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:8.1.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1751379",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:8.1.0.26:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications",
"product": {
"name": "communications_applications",
"product_id": "CSAFPID-1674620",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications:8.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications___12.0.6.0.0",
"product": {
"name": "communications_applications___12.0.6.0.0",
"product_id": "CSAFPID-1674627",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications___12.0.6.0.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications___5.5.22",
"product": {
"name": "communications_applications___5.5.22",
"product_id": "CSAFPID-1674626",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications___5.5.22:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications___6.0.3",
"product": {
"name": "communications_applications___6.0.3",
"product_id": "CSAFPID-1674628",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications___6.0.3:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications___6.0.4",
"product": {
"name": "communications_applications___6.0.4",
"product_id": "CSAFPID-1674624",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications___6.0.4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_applications___6.0.5",
"product": {
"name": "communications_applications___6.0.5",
"product_id": "CSAFPID-1674625",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_applications___6.0.5:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_asap",
"product": {
"name": "communications_asap",
"product_id": "CSAFPID-816792",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_billing_and_revenue_management",
"product": {
"name": "communications_billing_and_revenue_management",
"product_id": "CSAFPID-764735",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_billing_and_revenue_management",
"product": {
"name": "communications_billing_and_revenue_management",
"product_id": "CSAFPID-1751255",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_billing_and_revenue_management",
"product": {
"name": "communications_billing_and_revenue_management",
"product_id": "CSAFPID-1751254",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0-15.0.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_billing_and_revenue_management",
"product": {
"name": "communications_billing_and_revenue_management",
"product_id": "CSAFPID-816793",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_billing_and_revenue_management",
"product": {
"name": "communications_billing_and_revenue_management",
"product_id": "CSAFPID-912557",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_brm_-_elastic_charging_engine",
"product": {
"name": "communications_brm_-_elastic_charging_engine",
"product_id": "CSAFPID-764247",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_brm_-_elastic_charging_engine",
"product": {
"name": "communications_brm_-_elastic_charging_engine",
"product_id": "CSAFPID-1650820",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_brm_-_elastic_charging_engine",
"product": {
"name": "communications_brm_-_elastic_charging_engine",
"product_id": "CSAFPID-912556",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_brm_-_elastic_charging_engine",
"product": {
"name": "communications_brm_-_elastic_charging_engine",
"product_id": "CSAFPID-1751303",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-220055",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-816765",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-816766",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-816767",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-1503577",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-1751300",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-764237",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-1650752",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-1673396",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-1751085",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-1751079",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_certificate_management",
"product": {
"name": "communications_cloud_native_core_certificate_management",
"product_id": "CSAFPID-1673526",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_certificate_management",
"product": {
"name": "communications_cloud_native_core_certificate_management",
"product_id": "CSAFPID-1673391",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_certificate_management",
"product": {
"name": "communications_cloud_native_core_certificate_management",
"product_id": "CSAFPID-1673394",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_certificate_management",
"product": {
"name": "communications_cloud_native_core_certificate_management",
"product_id": "CSAFPID-1751253",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-816768",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-816769",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-912085",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-1503578",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-1673389",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-1673390",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-1751090",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_dbtier",
"product": {
"name": "communications_cloud_native_core_dbtier",
"product_id": "CSAFPID-1673421",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_dbtier",
"product": {
"name": "communications_cloud_native_core_dbtier",
"product_id": "CSAFPID-1673420",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_dbtier",
"product": {
"name": "communications_cloud_native_core_dbtier",
"product_id": "CSAFPID-1751246",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_data_analytics_function",
"product": {
"name": "communications_cloud_native_core_network_data_analytics_function",
"product_id": "CSAFPID-816770",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_data_analytics_function",
"product": {
"name": "communications_cloud_native_core_network_data_analytics_function",
"product_id": "CSAFPID-816771",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_data_analytics_function",
"product": {
"name": "communications_cloud_native_core_network_data_analytics_function",
"product_id": "CSAFPID-912068",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_data_analytics_function",
"product": {
"name": "communications_cloud_native_core_network_data_analytics_function",
"product_id": "CSAFPID-1503579",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-816772",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-912076",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-1503580",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-219838",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-611387",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-816773",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912101",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-1503581",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-1751208",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-1751209",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912539",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912540",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912541",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912542",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912543",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-816774",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-816346",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-912077",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-1503322",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-1673413",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-1673415",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-1751231",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-816775",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-912544",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-816348",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-912545",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-816347",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-1673494",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-816776",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-816777",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-764240",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-1650751",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-1673517",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-1673395",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-912069",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-1751225",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-1751088",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-1751089",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-94291",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-816778",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-614517",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-912547",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-1673392",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-1503582",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-1673393",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-1751081",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-1751084",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-912546",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-224795",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-912548",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-912102",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-912549",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-1503583",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-1503584",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-1503585",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-1672767",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-1751241",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-764826",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-90016",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-912078",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-816349",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-912550",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-1503586",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-1503587",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-1751238",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-1751240",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-1673399",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-1751239",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-1751080",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-1751082",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-816779",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_converged_application_server",
"product": {
"name": "communications_converged_application_server",
"product_id": "CSAFPID-1751229",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_converged_application_server:8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_converged_application_server",
"product": {
"name": "communications_converged_application_server",
"product_id": "CSAFPID-1751230",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_converged_application_server:8.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_converged_charging_system",
"product": {
"name": "communications_converged_charging_system",
"product_id": "CSAFPID-1503599",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_converged_charging_system",
"product": {
"name": "communications_converged_charging_system",
"product_id": "CSAFPID-1503600",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergence",
"product": {
"name": "communications_convergence",
"product_id": "CSAFPID-1751292",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.2.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergence",
"product": {
"name": "communications_convergence",
"product_id": "CSAFPID-1751294",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergence",
"product": {
"name": "communications_convergence",
"product_id": "CSAFPID-224793",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergence",
"product": {
"name": "communications_convergence",
"product_id": "CSAFPID-1751295",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergence",
"product": {
"name": "communications_convergence",
"product_id": "CSAFPID-816794",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergent_charging_controller",
"product": {
"name": "communications_convergent_charging_controller",
"product_id": "CSAFPID-342793",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergent_charging_controller",
"product": {
"name": "communications_convergent_charging_controller",
"product_id": "CSAFPID-1650777",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergent_charging_controller",
"product": {
"name": "communications_convergent_charging_controller",
"product_id": "CSAFPID-1265",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergent_charging_controller",
"product": {
"name": "communications_convergent_charging_controller",
"product_id": "CSAFPID-816350",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergent_charging_controller",
"product": {
"name": "communications_convergent_charging_controller",
"product_id": "CSAFPID-1261",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_core_session_manager",
"product": {
"name": "communications_core_session_manager",
"product_id": "CSAFPID-1672764",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-1503588",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-1751104",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.3.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-40293",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-1751242",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-1751237",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0-9.0.2.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-1751097",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-611413",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-1751211",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-912551",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-912552",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_element_management_system",
"product": {
"name": "communications_eagle_element_management_system",
"product_id": "CSAFPID-1503316",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_element_management_system",
"product": {
"name": "communications_eagle_element_management_system",
"product_id": "CSAFPID-1503317",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_element_management_system",
"product": {
"name": "communications_eagle_element_management_system",
"product_id": "CSAFPID-1751243",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:47.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_element_manager",
"product": {
"name": "communications_element_manager",
"product_id": "CSAFPID-764242",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_element_manager",
"product": {
"name": "communications_element_manager",
"product_id": "CSAFPID-819413",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_element_manager",
"product": {
"name": "communications_element_manager",
"product_id": "CSAFPID-819414",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.2.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_element_manager",
"product": {
"name": "communications_element_manager",
"product_id": "CSAFPID-816780",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_fraud_monitor",
"product": {
"name": "communications_fraud_monitor",
"product_id": "CSAFPID-816781",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_fraud_monitor",
"product": {
"name": "communications_fraud_monitor",
"product_id": "CSAFPID-816782",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_fraud_monitor",
"product": {
"name": "communications_fraud_monitor",
"product_id": "CSAFPID-912553",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_instant_messaging_server",
"product": {
"name": "communications_instant_messaging_server",
"product_id": "CSAFPID-219803",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_ip_service_activator",
"product": {
"name": "communications_ip_service_activator",
"product_id": "CSAFPID-204622",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_ip_service_activator",
"product": {
"name": "communications_ip_service_activator",
"product_id": "CSAFPID-219909",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_messaging_server",
"product": {
"name": "communications_messaging_server",
"product_id": "CSAFPID-816351",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_messaging_server",
"product": {
"name": "communications_messaging_server",
"product_id": "CSAFPID-1751218",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.26:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_metasolv_solution",
"product": {
"name": "communications_metasolv_solution",
"product_id": "CSAFPID-611595",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816353",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816352",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-1503589",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-1503590",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-1673414",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816783",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816786",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816784",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816787",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816785",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816788",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_charging_and_control",
"product": {
"name": "communications_network_charging_and_control",
"product_id": "CSAFPID-342803",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_charging_and_control",
"product": {
"name": "communications_network_charging_and_control",
"product_id": "CSAFPID-1650778",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_charging_and_control",
"product": {
"name": "communications_network_charging_and_control",
"product_id": "CSAFPID-1266",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_charging_and_control",
"product": {
"name": "communications_network_charging_and_control",
"product_id": "CSAFPID-816354",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_charging_and_control",
"product": {
"name": "communications_network_charging_and_control",
"product_id": "CSAFPID-204563",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_integrity",
"product": {
"name": "communications_network_integrity",
"product_id": "CSAFPID-219776",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_offline_mediation_controller",
"product": {
"name": "communications_offline_mediation_controller",
"product_id": "CSAFPID-765242",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_offline_mediation_controller",
"product": {
"name": "communications_offline_mediation_controller",
"product_id": "CSAFPID-916906",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_offline_mediation_controller",
"product": {
"name": "communications_offline_mediation_controller",
"product_id": "CSAFPID-1751247",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:15.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_offline_mediation_controller",
"product": {
"name": "communications_offline_mediation_controller",
"product_id": "CSAFPID-1751248",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:15.0.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_operations_monitor",
"product": {
"name": "communications_operations_monitor",
"product_id": "CSAFPID-93781",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_operations_monitor",
"product": {
"name": "communications_operations_monitor",
"product_id": "CSAFPID-220132",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_operations_monitor",
"product": {
"name": "communications_operations_monitor",
"product_id": "CSAFPID-912079",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_order_and_service_management",
"product": {
"name": "communications_order_and_service_management",
"product_id": "CSAFPID-224790",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_order_and_service_management",
"product": {
"name": "communications_order_and_service_management",
"product_id": "CSAFPID-221118",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_order_and_service_management",
"product": {
"name": "communications_order_and_service_management",
"product_id": "CSAFPID-1673496",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_performance_intelligence",
"product": {
"name": "communications_performance_intelligence",
"product_id": "CSAFPID-1503591",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_policy_management",
"product": {
"name": "communications_policy_management",
"product_id": "CSAFPID-816789",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_policy_management",
"product": {
"name": "communications_policy_management",
"product_id": "CSAFPID-816790",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_pricing_design_center",
"product": {
"name": "communications_pricing_design_center",
"product_id": "CSAFPID-764738",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_pricing_design_center",
"product": {
"name": "communications_pricing_design_center",
"product_id": "CSAFPID-816355",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-1503601",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816359",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816358",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816357",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-912558",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-1751233",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-1503602",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-1751234",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.1.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816795",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816796",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816797",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-1503592",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-1503593",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-1672762",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-1503594",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-1503595",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_report_manager",
"product": {
"name": "communications_session_report_manager",
"product_id": "CSAFPID-342804",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_report_manager",
"product": {
"name": "communications_session_report_manager",
"product_id": "CSAFPID-819415",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_report_manager",
"product": {
"name": "communications_session_report_manager",
"product_id": "CSAFPID-819416",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.2.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_report_manager",
"product": {
"name": "communications_session_report_manager",
"product_id": "CSAFPID-816791",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-240600",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-1673382",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-1650731",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-1673530",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-1751235",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.1-6.0.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-1751296",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.4-6.0.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-764739",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-8984",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-204510",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-204569",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-219826",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-912073",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-1503596",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-1503597",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-1503598",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-1751217",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-912080",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-1673481",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:14.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-1751258",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:15.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_webrtc_session_controller",
"product": {
"name": "communications_webrtc_session_controller",
"product_id": "CSAFPID-912554",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41727",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673530"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-41727",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41727.json"
}
],
"title": "CVE-2022-41727"
},
{
"cve": "CVE-2023-4408",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-4408",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4408.json"
}
],
"title": "CVE-2023-4408"
},
{
"cve": "CVE-2023-5678",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "other",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
},
{
"category": "other",
"text": "Unchecked Input for Loop Condition",
"title": "CWE-606"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764237",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-816773",
"CSAFPID-816348",
"CSAFPID-764240",
"CSAFPID-614517",
"CSAFPID-224795",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-342804",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-219776",
"CSAFPID-765242",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-912073",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5678",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json"
}
],
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2023-5981",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "other",
"text": "Observable Discrepancy",
"title": "CWE-203"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1751217",
"CSAFPID-1673481"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5981",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5981.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1751217",
"CSAFPID-1673481"
]
}
],
"title": "CVE-2023-5981"
},
{
"cve": "CVE-2023-6597",
"cwe": {
"id": "CWE-61",
"name": "UNIX Symbolic Link (Symlink) Following"
},
"notes": [
{
"category": "other",
"text": "UNIX Symbolic Link (Symlink) Following",
"title": "CWE-61"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673395",
"CSAFPID-1673420",
"CSAFPID-1673421",
"CSAFPID-1673396",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1751097"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-6597",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6597.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673395",
"CSAFPID-1673420",
"CSAFPID-1673421",
"CSAFPID-1673396",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1751097"
]
}
],
"title": "CVE-2023-6597"
},
{
"cve": "CVE-2023-7256",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220132",
"CSAFPID-1751084",
"CSAFPID-912079"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-7256",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7256.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-220132",
"CSAFPID-1751084",
"CSAFPID-912079"
]
}
],
"title": "CVE-2023-7256"
},
{
"cve": "CVE-2023-29407",
"cwe": {
"id": "CWE-834",
"name": "Excessive Iteration"
},
"notes": [
{
"category": "other",
"text": "Excessive Iteration",
"title": "CWE-834"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673530"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-29407",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29407.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673530"
]
}
],
"title": "CVE-2023-29407"
},
{
"cve": "CVE-2023-29408",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673530",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-29408",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29408.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673530",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2023-29408"
},
{
"cve": "CVE-2023-40577",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751208",
"CSAFPID-1751209"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-40577",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40577.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1751208",
"CSAFPID-1751209"
]
}
],
"title": "CVE-2023-40577"
},
{
"cve": "CVE-2023-46218",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-90016",
"CSAFPID-93781",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-220132",
"CSAFPID-224795",
"CSAFPID-342804",
"CSAFPID-611387",
"CSAFPID-611413",
"CSAFPID-614517",
"CSAFPID-764237",
"CSAFPID-764240",
"CSAFPID-764242",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-764739",
"CSAFPID-764826",
"CSAFPID-765242",
"CSAFPID-816348",
"CSAFPID-816773",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912068",
"CSAFPID-912073",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-1751211"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46218",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46218.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-90016",
"CSAFPID-93781",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-220132",
"CSAFPID-224795",
"CSAFPID-342804",
"CSAFPID-611387",
"CSAFPID-611413",
"CSAFPID-614517",
"CSAFPID-764237",
"CSAFPID-764240",
"CSAFPID-764242",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-764739",
"CSAFPID-764826",
"CSAFPID-765242",
"CSAFPID-816348",
"CSAFPID-816773",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912068",
"CSAFPID-912073",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-1751211"
]
}
],
"title": "CVE-2023-46218"
},
{
"cve": "CVE-2023-46219",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "other",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-912539",
"CSAFPID-816773",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912101",
"CSAFPID-912544",
"CSAFPID-912077",
"CSAFPID-816348",
"CSAFPID-912545",
"CSAFPID-764240",
"CSAFPID-912546",
"CSAFPID-614517",
"CSAFPID-912547",
"CSAFPID-224795",
"CSAFPID-912548",
"CSAFPID-912102",
"CSAFPID-912549",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-912078",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912553",
"CSAFPID-93781",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-220132",
"CSAFPID-342804",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-764739",
"CSAFPID-765242",
"CSAFPID-912073",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-1751211"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46219",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46219.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-912539",
"CSAFPID-816773",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912101",
"CSAFPID-912544",
"CSAFPID-912077",
"CSAFPID-816348",
"CSAFPID-912545",
"CSAFPID-764240",
"CSAFPID-912546",
"CSAFPID-614517",
"CSAFPID-912547",
"CSAFPID-224795",
"CSAFPID-912548",
"CSAFPID-912102",
"CSAFPID-912549",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-912078",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912553",
"CSAFPID-93781",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-220132",
"CSAFPID-342804",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-764739",
"CSAFPID-765242",
"CSAFPID-912073",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-1751211"
]
}
],
"title": "CVE-2023-46219"
},
{
"cve": "CVE-2023-46604",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-94291",
"CSAFPID-40293",
"CSAFPID-1265",
"CSAFPID-1261",
"CSAFPID-1266",
"CSAFPID-8984",
"CSAFPID-764237",
"CSAFPID-764240",
"CSAFPID-224795",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-219776",
"CSAFPID-765242",
"CSAFPID-764739",
"CSAFPID-219826",
"CSAFPID-204510",
"CSAFPID-204563",
"CSAFPID-204569",
"CSAFPID-204622",
"CSAFPID-219803",
"CSAFPID-219838",
"CSAFPID-219909",
"CSAFPID-221118",
"CSAFPID-224790",
"CSAFPID-224793",
"CSAFPID-240600",
"CSAFPID-342793",
"CSAFPID-342803",
"CSAFPID-342804",
"CSAFPID-611387",
"CSAFPID-611413",
"CSAFPID-611595",
"CSAFPID-614517",
"CSAFPID-764242",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-764738",
"CSAFPID-816346",
"CSAFPID-816347",
"CSAFPID-816348",
"CSAFPID-816349",
"CSAFPID-816350",
"CSAFPID-816351",
"CSAFPID-816352",
"CSAFPID-816353",
"CSAFPID-816354",
"CSAFPID-816355",
"CSAFPID-816357",
"CSAFPID-816358",
"CSAFPID-816359",
"CSAFPID-816765",
"CSAFPID-816766",
"CSAFPID-816767",
"CSAFPID-816768",
"CSAFPID-816769",
"CSAFPID-816770",
"CSAFPID-816771",
"CSAFPID-816772",
"CSAFPID-816773",
"CSAFPID-816774",
"CSAFPID-816775",
"CSAFPID-816776",
"CSAFPID-816777",
"CSAFPID-816778",
"CSAFPID-816779",
"CSAFPID-816780",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-816783",
"CSAFPID-816784",
"CSAFPID-816785",
"CSAFPID-816786",
"CSAFPID-816787",
"CSAFPID-816788",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-816791",
"CSAFPID-816792",
"CSAFPID-816793",
"CSAFPID-816794",
"CSAFPID-816795",
"CSAFPID-816796",
"CSAFPID-816797",
"CSAFPID-912068",
"CSAFPID-912073",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-1751104"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46604",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46604.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-94291",
"CSAFPID-40293",
"CSAFPID-1265",
"CSAFPID-1261",
"CSAFPID-1266",
"CSAFPID-8984",
"CSAFPID-764237",
"CSAFPID-764240",
"CSAFPID-224795",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-219776",
"CSAFPID-765242",
"CSAFPID-764739",
"CSAFPID-219826",
"CSAFPID-204510",
"CSAFPID-204563",
"CSAFPID-204569",
"CSAFPID-204622",
"CSAFPID-219803",
"CSAFPID-219838",
"CSAFPID-219909",
"CSAFPID-221118",
"CSAFPID-224790",
"CSAFPID-224793",
"CSAFPID-240600",
"CSAFPID-342793",
"CSAFPID-342803",
"CSAFPID-342804",
"CSAFPID-611387",
"CSAFPID-611413",
"CSAFPID-611595",
"CSAFPID-614517",
"CSAFPID-764242",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-764738",
"CSAFPID-816346",
"CSAFPID-816347",
"CSAFPID-816348",
"CSAFPID-816349",
"CSAFPID-816350",
"CSAFPID-816351",
"CSAFPID-816352",
"CSAFPID-816353",
"CSAFPID-816354",
"CSAFPID-816355",
"CSAFPID-816357",
"CSAFPID-816358",
"CSAFPID-816359",
"CSAFPID-816765",
"CSAFPID-816766",
"CSAFPID-816767",
"CSAFPID-816768",
"CSAFPID-816769",
"CSAFPID-816770",
"CSAFPID-816771",
"CSAFPID-816772",
"CSAFPID-816773",
"CSAFPID-816774",
"CSAFPID-816775",
"CSAFPID-816776",
"CSAFPID-816777",
"CSAFPID-816778",
"CSAFPID-816779",
"CSAFPID-816780",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-816783",
"CSAFPID-816784",
"CSAFPID-816785",
"CSAFPID-816786",
"CSAFPID-816787",
"CSAFPID-816788",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-816791",
"CSAFPID-816792",
"CSAFPID-816793",
"CSAFPID-816794",
"CSAFPID-816795",
"CSAFPID-816796",
"CSAFPID-816797",
"CSAFPID-912068",
"CSAFPID-912073",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-1751104"
]
}
],
"title": "CVE-2023-46604"
},
{
"cve": "CVE-2023-50868",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-50868",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50868.json"
}
],
"title": "CVE-2023-50868"
},
{
"cve": "CVE-2024-0232",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650777",
"CSAFPID-1650778",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1751218",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0232",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0232.json"
}
],
"title": "CVE-2024-0232"
},
{
"cve": "CVE-2024-0397",
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1673530"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0397",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0397.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1673530"
]
}
],
"title": "CVE-2024-0397"
},
{
"cve": "CVE-2024-0450",
"cwe": {
"id": "CWE-450",
"name": "Multiple Interpretations of UI Input"
},
"notes": [
{
"category": "other",
"text": "Multiple Interpretations of UI Input",
"title": "CWE-450"
},
{
"category": "other",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1635310",
"CSAFPID-1635311",
"CSAFPID-1635312",
"CSAFPID-1635313",
"CSAFPID-1635314",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635317",
"CSAFPID-1635318",
"CSAFPID-1635319",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1635322",
"CSAFPID-1635323",
"CSAFPID-1635324",
"CSAFPID-1635325",
"CSAFPID-1635326",
"CSAFPID-1635327",
"CSAFPID-1635328",
"CSAFPID-1635329",
"CSAFPID-1673420",
"CSAFPID-1673421",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1674636",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1727475",
"CSAFPID-1751097"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0450",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1635310",
"CSAFPID-1635311",
"CSAFPID-1635312",
"CSAFPID-1635313",
"CSAFPID-1635314",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635317",
"CSAFPID-1635318",
"CSAFPID-1635319",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1635322",
"CSAFPID-1635323",
"CSAFPID-1635324",
"CSAFPID-1635325",
"CSAFPID-1635326",
"CSAFPID-1635327",
"CSAFPID-1635328",
"CSAFPID-1635329",
"CSAFPID-1673420",
"CSAFPID-1673421",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1674636",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1727475",
"CSAFPID-1751097"
]
}
],
"title": "CVE-2024-0450"
},
{
"cve": "CVE-2024-1442",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "other",
"text": "Improper Privilege Management",
"title": "CWE-269"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673530",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-1442",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1442.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1673530",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-1442"
},
{
"cve": "CVE-2024-2961",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1635310",
"CSAFPID-1635311",
"CSAFPID-1635312",
"CSAFPID-1635313",
"CSAFPID-1635314",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635317",
"CSAFPID-1635318",
"CSAFPID-1635319",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1635322",
"CSAFPID-1635323",
"CSAFPID-1635324",
"CSAFPID-1635325",
"CSAFPID-1635326",
"CSAFPID-1635327",
"CSAFPID-1635328",
"CSAFPID-1635329",
"CSAFPID-1672762",
"CSAFPID-1672764",
"CSAFPID-1672767",
"CSAFPID-1673396",
"CSAFPID-1673395",
"CSAFPID-1673494",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1727475",
"CSAFPID-1751097",
"CSAFPID-1751237"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2961",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1635310",
"CSAFPID-1635311",
"CSAFPID-1635312",
"CSAFPID-1635313",
"CSAFPID-1635314",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635317",
"CSAFPID-1635318",
"CSAFPID-1635319",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1635322",
"CSAFPID-1635323",
"CSAFPID-1635324",
"CSAFPID-1635325",
"CSAFPID-1635326",
"CSAFPID-1635327",
"CSAFPID-1635328",
"CSAFPID-1635329",
"CSAFPID-1672762",
"CSAFPID-1672764",
"CSAFPID-1672767",
"CSAFPID-1673396",
"CSAFPID-1673395",
"CSAFPID-1673494",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1727475",
"CSAFPID-1751097",
"CSAFPID-1751237"
]
}
],
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-3596",
"cwe": {
"id": "CWE-924",
"name": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel"
},
"notes": [
{
"category": "other",
"text": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
"title": "CWE-924"
},
{
"category": "other",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "other",
"text": "Authentication Bypass by Capture-replay",
"title": "CWE-294"
},
{
"category": "other",
"text": "Use of Password Hash Instead of Password for Authentication",
"title": "CWE-836"
},
{
"category": "other",
"text": "Use of a Broken or Risky Cryptographic Algorithm",
"title": "CWE-327"
},
{
"category": "other",
"text": "User Interface (UI) Misrepresentation of Critical Information",
"title": "CWE-451"
},
{
"category": "other",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751090",
"CSAFPID-912079",
"CSAFPID-220132",
"CSAFPID-1751253"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-3596",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-3596.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751090",
"CSAFPID-912079",
"CSAFPID-220132",
"CSAFPID-1751253"
]
}
],
"title": "CVE-2024-3596"
},
{
"cve": "CVE-2024-4030",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "other",
"text": "Incorrect Default Permissions",
"title": "CWE-276"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673530"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-4030",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4030.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673530"
]
}
],
"title": "CVE-2024-4030"
},
{
"cve": "CVE-2024-4032",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "other",
"text": "Expected Behavior Violation",
"title": "CWE-440"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673530"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-4032",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4032.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673530"
]
}
],
"title": "CVE-2024-4032"
},
{
"cve": "CVE-2024-5535",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Dependency on Vulnerable Third-Party Component",
"title": "CWE-1395"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751090",
"CSAFPID-1751253"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-5535",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751090",
"CSAFPID-1751253"
]
}
],
"title": "CVE-2024-5535"
},
{
"cve": "CVE-2024-6119",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751209"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6119",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6119.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751209"
]
}
],
"title": "CVE-2024-6119"
},
{
"cve": "CVE-2024-6162",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1635310",
"CSAFPID-1635311",
"CSAFPID-1635312",
"CSAFPID-1635313",
"CSAFPID-1635314",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635317",
"CSAFPID-1635318",
"CSAFPID-1635319",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1635322",
"CSAFPID-1635323",
"CSAFPID-1635324",
"CSAFPID-1635325",
"CSAFPID-1635326",
"CSAFPID-1635327",
"CSAFPID-1635328",
"CSAFPID-1635329",
"CSAFPID-1650752",
"CSAFPID-1650751",
"CSAFPID-1673526",
"CSAFPID-1673399",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1674636",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1727475",
"CSAFPID-1751303",
"CSAFPID-1650820",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6162",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1635310",
"CSAFPID-1635311",
"CSAFPID-1635312",
"CSAFPID-1635313",
"CSAFPID-1635314",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635317",
"CSAFPID-1635318",
"CSAFPID-1635319",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1635322",
"CSAFPID-1635323",
"CSAFPID-1635324",
"CSAFPID-1635325",
"CSAFPID-1635326",
"CSAFPID-1635327",
"CSAFPID-1635328",
"CSAFPID-1635329",
"CSAFPID-1650752",
"CSAFPID-1650751",
"CSAFPID-1673526",
"CSAFPID-1673399",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1674636",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1727475",
"CSAFPID-1751303",
"CSAFPID-1650820",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-6162"
},
{
"cve": "CVE-2024-6232",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673530"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6232",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673530"
]
}
],
"title": "CVE-2024-6232"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
}
],
"product_status": {
"known_affected": [
"CSAFPID-912549",
"CSAFPID-1672767",
"CSAFPID-1503585",
"CSAFPID-1673391",
"CSAFPID-1673394",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1751225",
"CSAFPID-1751233",
"CSAFPID-1673530",
"CSAFPID-1751234",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7254",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-912549",
"CSAFPID-1672767",
"CSAFPID-1503585",
"CSAFPID-1673391",
"CSAFPID-1673394",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1751225",
"CSAFPID-1751233",
"CSAFPID-1673530",
"CSAFPID-1751234",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-7592",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673530",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7592",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673530",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2024-7885",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673526",
"CSAFPID-1673399",
"CSAFPID-1751080",
"CSAFPID-1751090",
"CSAFPID-1751079",
"CSAFPID-1751225",
"CSAFPID-1672767",
"CSAFPID-1751241",
"CSAFPID-1751081",
"CSAFPID-1751084",
"CSAFPID-1673393",
"CSAFPID-1751085",
"CSAFPID-1751231"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7885",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7885.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673526",
"CSAFPID-1673399",
"CSAFPID-1751080",
"CSAFPID-1751090",
"CSAFPID-1751079",
"CSAFPID-1751225",
"CSAFPID-1672767",
"CSAFPID-1751241",
"CSAFPID-1751081",
"CSAFPID-1751084",
"CSAFPID-1673393",
"CSAFPID-1751085",
"CSAFPID-1751231"
]
}
],
"title": "CVE-2024-7885"
},
{
"cve": "CVE-2024-8006",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220132",
"CSAFPID-1751084",
"CSAFPID-912079"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8006",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8006.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-220132",
"CSAFPID-1751084",
"CSAFPID-912079"
]
}
],
"title": "CVE-2024-8006"
},
{
"cve": "CVE-2024-9143",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751253"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-9143",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json"
}
],
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2024-22195",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764237",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-816773",
"CSAFPID-912077",
"CSAFPID-816348",
"CSAFPID-764240",
"CSAFPID-614517",
"CSAFPID-224795",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-912078",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-342804",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-219776",
"CSAFPID-765242",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-912073",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-1751225",
"CSAFPID-1751079",
"CSAFPID-1751081",
"CSAFPID-1673393",
"CSAFPID-1751085"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22195",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22195.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-764237",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-816773",
"CSAFPID-912077",
"CSAFPID-816348",
"CSAFPID-764240",
"CSAFPID-614517",
"CSAFPID-224795",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-912078",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-342804",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-219776",
"CSAFPID-765242",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-912073",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-1751225",
"CSAFPID-1751079",
"CSAFPID-1751081",
"CSAFPID-1673393",
"CSAFPID-1751085"
]
}
],
"title": "CVE-2024-22195"
},
{
"cve": "CVE-2024-24786",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673530",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24786",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24786.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673530",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-24786"
},
{
"cve": "CVE-2024-24791",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751208",
"CSAFPID-1751209"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24791",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24791.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751208",
"CSAFPID-1751209"
]
}
],
"title": "CVE-2024-24791"
},
{
"cve": "CVE-2024-25638",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"category": "other",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
},
{
"category": "other",
"text": "Acceptance of Extraneous Untrusted Data With Trusted Data",
"title": "CWE-349"
}
],
"product_status": {
"known_affected": [
"CSAFPID-912549",
"CSAFPID-1672767",
"CSAFPID-1503585",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1751225",
"CSAFPID-1751079",
"CSAFPID-1751229",
"CSAFPID-1751230",
"CSAFPID-1751081",
"CSAFPID-1751084",
"CSAFPID-1673393",
"CSAFPID-1751085",
"CSAFPID-1751231"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25638",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25638.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.9,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-912549",
"CSAFPID-1672767",
"CSAFPID-1503585",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1751225",
"CSAFPID-1751079",
"CSAFPID-1751229",
"CSAFPID-1751230",
"CSAFPID-1751081",
"CSAFPID-1751084",
"CSAFPID-1673393",
"CSAFPID-1751085",
"CSAFPID-1751231"
]
}
],
"title": "CVE-2024-25638"
},
{
"cve": "CVE-2024-25710",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1635310",
"CSAFPID-1635311",
"CSAFPID-1635312",
"CSAFPID-1635313",
"CSAFPID-1635314",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635317",
"CSAFPID-1635318",
"CSAFPID-1635319",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1635322",
"CSAFPID-1635323",
"CSAFPID-1635324",
"CSAFPID-1635325",
"CSAFPID-1635326",
"CSAFPID-1635327",
"CSAFPID-1635328",
"CSAFPID-1635329",
"CSAFPID-1673389",
"CSAFPID-1673390",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-816773",
"CSAFPID-912101",
"CSAFPID-912077",
"CSAFPID-816348",
"CSAFPID-764240",
"CSAFPID-614517",
"CSAFPID-224795",
"CSAFPID-912102",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-912078",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-342804",
"CSAFPID-912080",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-219776",
"CSAFPID-765242",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-912073",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-1727475",
"CSAFPID-1751218"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25710",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1635310",
"CSAFPID-1635311",
"CSAFPID-1635312",
"CSAFPID-1635313",
"CSAFPID-1635314",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635317",
"CSAFPID-1635318",
"CSAFPID-1635319",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1635322",
"CSAFPID-1635323",
"CSAFPID-1635324",
"CSAFPID-1635325",
"CSAFPID-1635326",
"CSAFPID-1635327",
"CSAFPID-1635328",
"CSAFPID-1635329",
"CSAFPID-1673389",
"CSAFPID-1673390",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-816773",
"CSAFPID-912101",
"CSAFPID-912077",
"CSAFPID-816348",
"CSAFPID-764240",
"CSAFPID-614517",
"CSAFPID-224795",
"CSAFPID-912102",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-912078",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-342804",
"CSAFPID-912080",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-219776",
"CSAFPID-765242",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-912073",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-1727475",
"CSAFPID-1751218"
]
}
],
"title": "CVE-2024-25710"
},
{
"cve": "CVE-2024-26308",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1635310",
"CSAFPID-1635311",
"CSAFPID-1635312",
"CSAFPID-1635313",
"CSAFPID-1635314",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635317",
"CSAFPID-1635318",
"CSAFPID-1635319",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1635322",
"CSAFPID-1635323",
"CSAFPID-1635324",
"CSAFPID-1635325",
"CSAFPID-1635326",
"CSAFPID-1635327",
"CSAFPID-1635328",
"CSAFPID-1635329",
"CSAFPID-1673389",
"CSAFPID-1673390",
"CSAFPID-1674629",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1674636",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1670429",
"CSAFPID-1670430",
"CSAFPID-1670431",
"CSAFPID-1670432",
"CSAFPID-1670433",
"CSAFPID-1670434",
"CSAFPID-1670435",
"CSAFPID-1670436",
"CSAFPID-1670437",
"CSAFPID-1670438",
"CSAFPID-1670439",
"CSAFPID-1670440",
"CSAFPID-1670441",
"CSAFPID-1670442",
"CSAFPID-90016",
"CSAFPID-93781",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-220132",
"CSAFPID-224795",
"CSAFPID-342804",
"CSAFPID-611387",
"CSAFPID-611413",
"CSAFPID-614517",
"CSAFPID-764237",
"CSAFPID-764240",
"CSAFPID-764242",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-764739",
"CSAFPID-764826",
"CSAFPID-765242",
"CSAFPID-816348",
"CSAFPID-816773",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912068",
"CSAFPID-912073",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-1727475",
"CSAFPID-1751218",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26308",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1635310",
"CSAFPID-1635311",
"CSAFPID-1635312",
"CSAFPID-1635313",
"CSAFPID-1635314",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635317",
"CSAFPID-1635318",
"CSAFPID-1635319",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1635322",
"CSAFPID-1635323",
"CSAFPID-1635324",
"CSAFPID-1635325",
"CSAFPID-1635326",
"CSAFPID-1635327",
"CSAFPID-1635328",
"CSAFPID-1635329",
"CSAFPID-1673389",
"CSAFPID-1673390",
"CSAFPID-1674629",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1674636",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1670429",
"CSAFPID-1670430",
"CSAFPID-1670431",
"CSAFPID-1670432",
"CSAFPID-1670433",
"CSAFPID-1670434",
"CSAFPID-1670435",
"CSAFPID-1670436",
"CSAFPID-1670437",
"CSAFPID-1670438",
"CSAFPID-1670439",
"CSAFPID-1670440",
"CSAFPID-1670441",
"CSAFPID-1670442",
"CSAFPID-90016",
"CSAFPID-93781",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-220132",
"CSAFPID-224795",
"CSAFPID-342804",
"CSAFPID-611387",
"CSAFPID-611413",
"CSAFPID-614517",
"CSAFPID-764237",
"CSAFPID-764240",
"CSAFPID-764242",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-764739",
"CSAFPID-764826",
"CSAFPID-765242",
"CSAFPID-816348",
"CSAFPID-816773",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912068",
"CSAFPID-912073",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-1727475",
"CSAFPID-1751218",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-27309",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751233",
"CSAFPID-1751234",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-27309",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27309.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1751233",
"CSAFPID-1751234",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-27309"
},
{
"cve": "CVE-2024-28219",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "other",
"text": "Use of Potentially Dangerous Function",
"title": "CWE-676"
},
{
"category": "other",
"text": "Integer Overflow to Buffer Overflow",
"title": "CWE-680"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751079",
"CSAFPID-1751225",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1751085",
"CSAFPID-912547"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28219",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28219.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751079",
"CSAFPID-1751225",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1751085",
"CSAFPID-912547"
]
}
],
"title": "CVE-2024-28219"
},
{
"cve": "CVE-2024-28834",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Use of a Broken or Risky Cryptographic Algorithm",
"title": "CWE-327"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673481",
"CSAFPID-1751217",
"CSAFPID-1503590"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28834",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28834.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673481",
"CSAFPID-1751217",
"CSAFPID-1503590"
]
}
],
"title": "CVE-2024-28834"
},
{
"cve": "CVE-2024-28835",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "other",
"text": "Uncaught Exception",
"title": "CWE-248"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673481",
"CSAFPID-1751217",
"CSAFPID-1503590"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28835",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28835.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673481",
"CSAFPID-1751217",
"CSAFPID-1503590"
]
}
],
"title": "CVE-2024-28835"
},
{
"cve": "CVE-2024-28849",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1635310",
"CSAFPID-1635311",
"CSAFPID-1635312",
"CSAFPID-1635313",
"CSAFPID-1635314",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635317",
"CSAFPID-1635318",
"CSAFPID-1635319",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1635322",
"CSAFPID-1635323",
"CSAFPID-1635324",
"CSAFPID-1635325",
"CSAFPID-1635326",
"CSAFPID-1635327",
"CSAFPID-1635328",
"CSAFPID-1635329",
"CSAFPID-1673414",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1674636",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1727475",
"CSAFPID-1751235",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28849",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1635310",
"CSAFPID-1635311",
"CSAFPID-1635312",
"CSAFPID-1635313",
"CSAFPID-1635314",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635317",
"CSAFPID-1635318",
"CSAFPID-1635319",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1635322",
"CSAFPID-1635323",
"CSAFPID-1635324",
"CSAFPID-1635325",
"CSAFPID-1635326",
"CSAFPID-1635327",
"CSAFPID-1635328",
"CSAFPID-1635329",
"CSAFPID-1673414",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1674636",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1727475",
"CSAFPID-1751235",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1635310",
"CSAFPID-1635311",
"CSAFPID-1635312",
"CSAFPID-1635313",
"CSAFPID-1635314",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635317",
"CSAFPID-1635318",
"CSAFPID-1635319",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1635322",
"CSAFPID-1635323",
"CSAFPID-1635324",
"CSAFPID-1635325",
"CSAFPID-1635326",
"CSAFPID-1635327",
"CSAFPID-1635328",
"CSAFPID-1635329",
"CSAFPID-1650752",
"CSAFPID-1650751",
"CSAFPID-1673494",
"CSAFPID-1673420",
"CSAFPID-1673421",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1674636",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1727475",
"CSAFPID-1751233",
"CSAFPID-1751218",
"CSAFPID-1751234",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29025",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1635310",
"CSAFPID-1635311",
"CSAFPID-1635312",
"CSAFPID-1635313",
"CSAFPID-1635314",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635317",
"CSAFPID-1635318",
"CSAFPID-1635319",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1635322",
"CSAFPID-1635323",
"CSAFPID-1635324",
"CSAFPID-1635325",
"CSAFPID-1635326",
"CSAFPID-1635327",
"CSAFPID-1635328",
"CSAFPID-1635329",
"CSAFPID-1650752",
"CSAFPID-1650751",
"CSAFPID-1673494",
"CSAFPID-1673420",
"CSAFPID-1673421",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1674636",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1727475",
"CSAFPID-1751233",
"CSAFPID-1751218",
"CSAFPID-1751234",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-29131",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650820",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-1673496",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1673530"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29131",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650820",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-1673496",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1673530"
]
}
],
"title": "CVE-2024-29131"
},
{
"cve": "CVE-2024-29133",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650820",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-1673496",
"CSAFPID-1674617",
"CSAFPID-1674618",
"CSAFPID-1674619",
"CSAFPID-1674620",
"CSAFPID-1674621",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1674624",
"CSAFPID-1674625",
"CSAFPID-1674626",
"CSAFPID-1674627",
"CSAFPID-1674628",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1673530",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29133",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1650820",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-1673496",
"CSAFPID-1674617",
"CSAFPID-1674618",
"CSAFPID-1674619",
"CSAFPID-1674620",
"CSAFPID-1674621",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1674624",
"CSAFPID-1674625",
"CSAFPID-1674626",
"CSAFPID-1674627",
"CSAFPID-1674628",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1673530",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-29133"
},
{
"cve": "CVE-2024-33599",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"product_status": {
"known_affected": [
"CSAFPID-912549",
"CSAFPID-1673396",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1672762",
"CSAFPID-1673395",
"CSAFPID-1672764",
"CSAFPID-1672767",
"CSAFPID-1503585",
"CSAFPID-1673494",
"CSAFPID-1751237"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-33599",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33599.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-912549",
"CSAFPID-1673396",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1672762",
"CSAFPID-1673395",
"CSAFPID-1672764",
"CSAFPID-1672767",
"CSAFPID-1503585",
"CSAFPID-1673494",
"CSAFPID-1751237"
]
}
],
"title": "CVE-2024-33599"
},
{
"cve": "CVE-2024-33600",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-912549",
"CSAFPID-1673396",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1672762",
"CSAFPID-1673395",
"CSAFPID-1672764",
"CSAFPID-1672767",
"CSAFPID-1503585",
"CSAFPID-1673494",
"CSAFPID-1751237"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-33600",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33600.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-912549",
"CSAFPID-1673396",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1672762",
"CSAFPID-1673395",
"CSAFPID-1672764",
"CSAFPID-1672767",
"CSAFPID-1503585",
"CSAFPID-1673494",
"CSAFPID-1751237"
]
}
],
"title": "CVE-2024-33600"
},
{
"cve": "CVE-2024-33601",
"cwe": {
"id": "CWE-703",
"name": "Improper Check or Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "other",
"text": "Reachable Assertion",
"title": "CWE-617"
}
],
"product_status": {
"known_affected": [
"CSAFPID-912549",
"CSAFPID-1673396",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1672762",
"CSAFPID-1673395",
"CSAFPID-1672764",
"CSAFPID-1672767",
"CSAFPID-1503585",
"CSAFPID-1673494",
"CSAFPID-1751237"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-33601",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33601.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-912549",
"CSAFPID-1673396",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1672762",
"CSAFPID-1673395",
"CSAFPID-1672764",
"CSAFPID-1672767",
"CSAFPID-1503585",
"CSAFPID-1673494",
"CSAFPID-1751237"
]
}
],
"title": "CVE-2024-33601"
},
{
"cve": "CVE-2024-33602",
"cwe": {
"id": "CWE-466",
"name": "Return of Pointer Value Outside of Expected Range"
},
"notes": [
{
"category": "other",
"text": "Return of Pointer Value Outside of Expected Range",
"title": "CWE-466"
},
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
}
],
"product_status": {
"known_affected": [
"CSAFPID-912549",
"CSAFPID-1673396",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1672762",
"CSAFPID-1673395",
"CSAFPID-1672764",
"CSAFPID-1672767",
"CSAFPID-1503585",
"CSAFPID-1673494",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1751237"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-33602",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-912549",
"CSAFPID-1673396",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1672762",
"CSAFPID-1673395",
"CSAFPID-1672764",
"CSAFPID-1672767",
"CSAFPID-1503585",
"CSAFPID-1673494",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1751237"
]
}
],
"title": "CVE-2024-33602"
},
{
"cve": "CVE-2024-34064",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1635310",
"CSAFPID-1635311",
"CSAFPID-1635312",
"CSAFPID-1635313",
"CSAFPID-1635314",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635317",
"CSAFPID-1635318",
"CSAFPID-1635319",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1635322",
"CSAFPID-1635323",
"CSAFPID-1635324",
"CSAFPID-1635325",
"CSAFPID-1635326",
"CSAFPID-1635327",
"CSAFPID-1635328",
"CSAFPID-1635329",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1727475",
"CSAFPID-1751238",
"CSAFPID-1751225",
"CSAFPID-1751079",
"CSAFPID-1751081",
"CSAFPID-1673393",
"CSAFPID-1751239",
"CSAFPID-1751082",
"CSAFPID-1751240",
"CSAFPID-1672767",
"CSAFPID-1751241",
"CSAFPID-1673481",
"CSAFPID-1751085"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34064",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1635310",
"CSAFPID-1635311",
"CSAFPID-1635312",
"CSAFPID-1635313",
"CSAFPID-1635314",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635317",
"CSAFPID-1635318",
"CSAFPID-1635319",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1635322",
"CSAFPID-1635323",
"CSAFPID-1635324",
"CSAFPID-1635325",
"CSAFPID-1635326",
"CSAFPID-1635327",
"CSAFPID-1635328",
"CSAFPID-1635329",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816792",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1727475",
"CSAFPID-1751238",
"CSAFPID-1751225",
"CSAFPID-1751079",
"CSAFPID-1751081",
"CSAFPID-1673393",
"CSAFPID-1751239",
"CSAFPID-1751082",
"CSAFPID-1751240",
"CSAFPID-1672767",
"CSAFPID-1751241",
"CSAFPID-1673481",
"CSAFPID-1751085"
]
}
],
"title": "CVE-2024-34064"
},
{
"cve": "CVE-2024-34750",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673481",
"CSAFPID-1503596",
"CSAFPID-1673420",
"CSAFPID-1673421",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1751242",
"CSAFPID-1751243",
"CSAFPID-1751079",
"CSAFPID-1751225",
"CSAFPID-1751085"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34750",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673481",
"CSAFPID-1503596",
"CSAFPID-1673420",
"CSAFPID-1673421",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1751242",
"CSAFPID-1751243",
"CSAFPID-1751079",
"CSAFPID-1751225",
"CSAFPID-1751085"
]
}
],
"title": "CVE-2024-34750"
},
{
"cve": "CVE-2024-35195",
"cwe": {
"id": "CWE-670",
"name": "Always-Incorrect Control Flow Implementation"
},
"notes": [
{
"category": "other",
"text": "Always-Incorrect Control Flow Implementation",
"title": "CWE-670"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751246",
"CSAFPID-1751247",
"CSAFPID-1751248",
"CSAFPID-1673530",
"CSAFPID-1673393",
"CSAFPID-1751239",
"CSAFPID-220132",
"CSAFPID-1751082",
"CSAFPID-1672767",
"CSAFPID-1751241",
"CSAFPID-912079",
"CSAFPID-916906",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35195",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35195.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1751246",
"CSAFPID-1751247",
"CSAFPID-1751248",
"CSAFPID-1673530",
"CSAFPID-1673393",
"CSAFPID-1751239",
"CSAFPID-220132",
"CSAFPID-1751082",
"CSAFPID-1672767",
"CSAFPID-1751241",
"CSAFPID-912079",
"CSAFPID-916906",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-35195"
},
{
"cve": "CVE-2024-37370",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
}
],
"product_status": {
"known_affected": [
"CSAFPID-912549",
"CSAFPID-1673413",
"CSAFPID-1673414",
"CSAFPID-1673396",
"CSAFPID-1503590",
"CSAFPID-1673393",
"CSAFPID-1673395",
"CSAFPID-1673399",
"CSAFPID-1672767",
"CSAFPID-1503585",
"CSAFPID-1673392",
"CSAFPID-1503589",
"CSAFPID-1673415",
"CSAFPID-1673389",
"CSAFPID-1673390",
"CSAFPID-1751237",
"CSAFPID-1751254",
"CSAFPID-1751217",
"CSAFPID-1673481",
"CSAFPID-1751255"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37370",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-912549",
"CSAFPID-1673413",
"CSAFPID-1673414",
"CSAFPID-1673396",
"CSAFPID-1503590",
"CSAFPID-1673393",
"CSAFPID-1673395",
"CSAFPID-1673399",
"CSAFPID-1672767",
"CSAFPID-1503585",
"CSAFPID-1673392",
"CSAFPID-1503589",
"CSAFPID-1673415",
"CSAFPID-1673389",
"CSAFPID-1673390",
"CSAFPID-1751237",
"CSAFPID-1751254",
"CSAFPID-1751217",
"CSAFPID-1673481",
"CSAFPID-1751255"
]
}
],
"title": "CVE-2024-37370"
},
{
"cve": "CVE-2024-37371",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
}
],
"product_status": {
"known_affected": [
"CSAFPID-912549",
"CSAFPID-1673413",
"CSAFPID-1673414",
"CSAFPID-1673396",
"CSAFPID-1503590",
"CSAFPID-1673393",
"CSAFPID-1673395",
"CSAFPID-1673399",
"CSAFPID-1672767",
"CSAFPID-1503585",
"CSAFPID-1673392",
"CSAFPID-1503589",
"CSAFPID-1673415",
"CSAFPID-1673389",
"CSAFPID-1673390",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1751237",
"CSAFPID-1751254",
"CSAFPID-1751217",
"CSAFPID-1673481",
"CSAFPID-1751255",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37371",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-912549",
"CSAFPID-1673413",
"CSAFPID-1673414",
"CSAFPID-1673396",
"CSAFPID-1503590",
"CSAFPID-1673393",
"CSAFPID-1673395",
"CSAFPID-1673399",
"CSAFPID-1672767",
"CSAFPID-1503585",
"CSAFPID-1673392",
"CSAFPID-1503589",
"CSAFPID-1673415",
"CSAFPID-1673389",
"CSAFPID-1673390",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1751237",
"CSAFPID-1751254",
"CSAFPID-1751217",
"CSAFPID-1673481",
"CSAFPID-1751255",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-37891",
"cwe": {
"id": "CWE-669",
"name": "Incorrect Resource Transfer Between Spheres"
},
"notes": [
{
"category": "other",
"text": "Incorrect Resource Transfer Between Spheres",
"title": "CWE-669"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673395",
"CSAFPID-1673396",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1751225",
"CSAFPID-1751254",
"CSAFPID-1673530",
"CSAFPID-1751217",
"CSAFPID-1751255",
"CSAFPID-816790",
"CSAFPID-1751258",
"CSAFPID-1673481",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37891",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673395",
"CSAFPID-1673396",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1751225",
"CSAFPID-1751254",
"CSAFPID-1673530",
"CSAFPID-1751217",
"CSAFPID-1751255",
"CSAFPID-816790",
"CSAFPID-1751258",
"CSAFPID-1673481",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-38475",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "other",
"text": "Path Traversal: \u0027.../...//\u0027",
"title": "CWE-35"
},
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Use of Hard-coded Credentials",
"title": "CWE-798"
},
{
"category": "other",
"text": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"title": "CWE-338"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-38475",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38475.json"
}
],
"title": "CVE-2024-38475"
},
{
"cve": "CVE-2024-38807",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "other",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751090",
"CSAFPID-1751233",
"CSAFPID-1751234",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38807",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38807.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1751090",
"CSAFPID-1751233",
"CSAFPID-1751234",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-38807"
},
{
"cve": "CVE-2024-38809",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673393"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38809",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38809.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-1673393"
]
}
],
"title": "CVE-2024-38809"
},
{
"cve": "CVE-2024-38816",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673420",
"CSAFPID-1673421",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1751081",
"CSAFPID-1673393",
"CSAFPID-1751079",
"CSAFPID-1751080",
"CSAFPID-1751084",
"CSAFPID-1751085",
"CSAFPID-1751082",
"CSAFPID-1751225"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38816",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673420",
"CSAFPID-1673421",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1751081",
"CSAFPID-1673393",
"CSAFPID-1751079",
"CSAFPID-1751080",
"CSAFPID-1751084",
"CSAFPID-1751085",
"CSAFPID-1751082",
"CSAFPID-1751225"
]
}
],
"title": "CVE-2024-38816"
},
{
"cve": "CVE-2024-38819",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673393",
"CSAFPID-1751079",
"CSAFPID-1751080",
"CSAFPID-1751081",
"CSAFPID-1751082",
"CSAFPID-1751084",
"CSAFPID-1751085",
"CSAFPID-1751225",
"CSAFPID-1672767",
"CSAFPID-1751241"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38819",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673393",
"CSAFPID-1751079",
"CSAFPID-1751080",
"CSAFPID-1751081",
"CSAFPID-1751082",
"CSAFPID-1751084",
"CSAFPID-1751085",
"CSAFPID-1751225",
"CSAFPID-1672767",
"CSAFPID-1751241"
]
}
],
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-38820",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751079",
"CSAFPID-1751225",
"CSAFPID-1751081",
"CSAFPID-1751084",
"CSAFPID-1673393",
"CSAFPID-1751080",
"CSAFPID-1751082",
"CSAFPID-1751085",
"CSAFPID-1672767",
"CSAFPID-1751241"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38820",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751079",
"CSAFPID-1751225",
"CSAFPID-1751081",
"CSAFPID-1751084",
"CSAFPID-1673393",
"CSAFPID-1751080",
"CSAFPID-1751082",
"CSAFPID-1751085",
"CSAFPID-1672767",
"CSAFPID-1751241"
]
}
],
"title": "CVE-2024-38820"
},
{
"cve": "CVE-2024-38827",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"notes": [
{
"category": "other",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751225",
"CSAFPID-1751079",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1673393",
"CSAFPID-1751085",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38827",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38827.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1751225",
"CSAFPID-1751079",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1673393",
"CSAFPID-1751085",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-38827"
},
{
"cve": "CVE-2024-38998",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751225",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-912073",
"CSAFPID-1751254",
"CSAFPID-1751079",
"CSAFPID-1751242",
"CSAFPID-1751234",
"CSAFPID-1673496",
"CSAFPID-1751233",
"CSAFPID-1751255",
"CSAFPID-1673481",
"CSAFPID-1751085",
"CSAFPID-220132",
"CSAFPID-912079"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38998",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751225",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-912073",
"CSAFPID-1751254",
"CSAFPID-1751079",
"CSAFPID-1751242",
"CSAFPID-1751234",
"CSAFPID-1673496",
"CSAFPID-1751233",
"CSAFPID-1751255",
"CSAFPID-1673481",
"CSAFPID-1751085",
"CSAFPID-220132",
"CSAFPID-912079"
]
}
],
"title": "CVE-2024-38998"
},
{
"cve": "CVE-2024-38999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751225",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-912073",
"CSAFPID-1751254",
"CSAFPID-1751079",
"CSAFPID-1751242",
"CSAFPID-1751234",
"CSAFPID-1673496",
"CSAFPID-1751233",
"CSAFPID-1751255",
"CSAFPID-1673481",
"CSAFPID-1751085",
"CSAFPID-220132",
"CSAFPID-912079"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38999",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751225",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-912073",
"CSAFPID-1751254",
"CSAFPID-1751079",
"CSAFPID-1751242",
"CSAFPID-1751234",
"CSAFPID-1673496",
"CSAFPID-1751233",
"CSAFPID-1751255",
"CSAFPID-1673481",
"CSAFPID-1751085",
"CSAFPID-220132",
"CSAFPID-912079"
]
}
],
"title": "CVE-2024-38999"
},
{
"cve": "CVE-2024-41817",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673382",
"CSAFPID-1650731",
"CSAFPID-1674617",
"CSAFPID-1674618",
"CSAFPID-1674619",
"CSAFPID-1674620",
"CSAFPID-1674621",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1674624",
"CSAFPID-1674625",
"CSAFPID-1674626",
"CSAFPID-1674627",
"CSAFPID-1674628",
"CSAFPID-220132",
"CSAFPID-912079"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41817",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41817.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673382",
"CSAFPID-1650731",
"CSAFPID-1674617",
"CSAFPID-1674618",
"CSAFPID-1674619",
"CSAFPID-1674620",
"CSAFPID-1674621",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1674624",
"CSAFPID-1674625",
"CSAFPID-1674626",
"CSAFPID-1674627",
"CSAFPID-1674628",
"CSAFPID-220132",
"CSAFPID-912079"
]
}
],
"title": "CVE-2024-41817"
},
{
"cve": "CVE-2024-45490",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "other",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
},
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673382",
"CSAFPID-1673399",
"CSAFPID-1650731",
"CSAFPID-1673517",
"CSAFPID-1673396",
"CSAFPID-1673414",
"CSAFPID-1503590"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45490",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673382",
"CSAFPID-1673399",
"CSAFPID-1650731",
"CSAFPID-1673517",
"CSAFPID-1673396",
"CSAFPID-1673414",
"CSAFPID-1503590"
]
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673382",
"CSAFPID-1673399",
"CSAFPID-1650731",
"CSAFPID-1673517",
"CSAFPID-1673396",
"CSAFPID-1673414",
"CSAFPID-1503590"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45491",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673382",
"CSAFPID-1673399",
"CSAFPID-1650731",
"CSAFPID-1673517",
"CSAFPID-1673396",
"CSAFPID-1673414",
"CSAFPID-1503590"
]
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673382",
"CSAFPID-1673399",
"CSAFPID-1650731",
"CSAFPID-1673517",
"CSAFPID-1673396",
"CSAFPID-1674617",
"CSAFPID-1674618",
"CSAFPID-1674619",
"CSAFPID-1674620",
"CSAFPID-1674621",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1674624",
"CSAFPID-1674625",
"CSAFPID-1674626",
"CSAFPID-1674627",
"CSAFPID-1674628",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1673414",
"CSAFPID-1503590"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45492",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673382",
"CSAFPID-1673399",
"CSAFPID-1650731",
"CSAFPID-1673517",
"CSAFPID-1673396",
"CSAFPID-1674617",
"CSAFPID-1674618",
"CSAFPID-1674619",
"CSAFPID-1674620",
"CSAFPID-1674621",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1674624",
"CSAFPID-1674625",
"CSAFPID-1674626",
"CSAFPID-1674627",
"CSAFPID-1674628",
"CSAFPID-1635305",
"CSAFPID-1635306",
"CSAFPID-1635307",
"CSAFPID-1635308",
"CSAFPID-1635309",
"CSAFPID-1670434",
"CSAFPID-1674629",
"CSAFPID-1635315",
"CSAFPID-1635316",
"CSAFPID-1635318",
"CSAFPID-1674630",
"CSAFPID-1674631",
"CSAFPID-1674632",
"CSAFPID-1674633",
"CSAFPID-1674634",
"CSAFPID-1674635",
"CSAFPID-1635323",
"CSAFPID-1674636",
"CSAFPID-1635324",
"CSAFPID-1674637",
"CSAFPID-1674638",
"CSAFPID-1674639",
"CSAFPID-1674640",
"CSAFPID-1674641",
"CSAFPID-1674642",
"CSAFPID-1635320",
"CSAFPID-1635321",
"CSAFPID-1674643",
"CSAFPID-1674644",
"CSAFPID-1674645",
"CSAFPID-1674646",
"CSAFPID-1673414",
"CSAFPID-1503590"
]
}
],
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-47535",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751233",
"CSAFPID-1751234",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47535",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47535.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751233",
"CSAFPID-1751234",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-47535"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751292",
"CSAFPID-1751234",
"CSAFPID-1751294",
"CSAFPID-1751233",
"CSAFPID-1751295",
"CSAFPID-1751296",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751292",
"CSAFPID-1751234",
"CSAFPID-1751294",
"CSAFPID-1751233",
"CSAFPID-1751295",
"CSAFPID-1751296",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751296",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751296",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2024-47561"
},
{
"cve": "CVE-2024-47803",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751079",
"CSAFPID-1751225",
"CSAFPID-1672767",
"CSAFPID-1751300",
"CSAFPID-1751241",
"CSAFPID-1751081",
"CSAFPID-1751084",
"CSAFPID-1673393",
"CSAFPID-1751085"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47803",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47803.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1751079",
"CSAFPID-1751225",
"CSAFPID-1672767",
"CSAFPID-1751300",
"CSAFPID-1751241",
"CSAFPID-1751081",
"CSAFPID-1751084",
"CSAFPID-1673393",
"CSAFPID-1751085"
]
}
],
"title": "CVE-2024-47803"
},
{
"cve": "CVE-2024-47804",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
},
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751225",
"CSAFPID-1751079",
"CSAFPID-1672767",
"CSAFPID-1751300",
"CSAFPID-1751241",
"CSAFPID-1751081",
"CSAFPID-1751084",
"CSAFPID-1673393",
"CSAFPID-1751085"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47804",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47804.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1751225",
"CSAFPID-1751079",
"CSAFPID-1672767",
"CSAFPID-1751300",
"CSAFPID-1751241",
"CSAFPID-1751081",
"CSAFPID-1751084",
"CSAFPID-1673393",
"CSAFPID-1751085"
]
}
],
"title": "CVE-2024-47804"
},
{
"cve": "CVE-2024-49766",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751208",
"CSAFPID-1751246",
"CSAFPID-1751209"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-49766",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49766.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751208",
"CSAFPID-1751246",
"CSAFPID-1751209"
]
}
],
"title": "CVE-2024-49766"
},
{
"cve": "CVE-2024-49767",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751208",
"CSAFPID-1751080",
"CSAFPID-1751079",
"CSAFPID-1751225",
"CSAFPID-1751082",
"CSAFPID-1751300",
"CSAFPID-1751246",
"CSAFPID-1751209",
"CSAFPID-1673393",
"CSAFPID-1751085",
"CSAFPID-1751231"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-49767",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49767.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751208",
"CSAFPID-1751080",
"CSAFPID-1751079",
"CSAFPID-1751225",
"CSAFPID-1751082",
"CSAFPID-1751300",
"CSAFPID-1751246",
"CSAFPID-1751209",
"CSAFPID-1673393",
"CSAFPID-1751085",
"CSAFPID-1751231"
]
}
],
"title": "CVE-2024-49767"
},
{
"cve": "CVE-2024-50379",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816790"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-50379",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50379.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816790"
]
}
],
"title": "CVE-2024-50379"
},
{
"cve": "CVE-2024-50602",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751225",
"CSAFPID-1751079",
"CSAFPID-1751082",
"CSAFPID-1751085"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-50602",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50602.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751225",
"CSAFPID-1751079",
"CSAFPID-1751082",
"CSAFPID-1751085"
]
}
],
"title": "CVE-2024-50602"
},
{
"cve": "CVE-2024-53677",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "other",
"text": "Unrestricted Upload of File with Dangerous Type",
"title": "CWE-434"
},
{
"category": "other",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816790"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-53677",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-53677.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816790"
]
}
],
"title": "CVE-2024-53677"
},
{
"cve": "CVE-2024-54677",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816790"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-54677",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54677.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816790"
]
}
],
"title": "CVE-2024-54677"
},
{
"cve": "CVE-2024-56337",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816790"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56337",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816790"
]
}
],
"title": "CVE-2024-56337"
},
{
"cve": "CVE-2025-21542",
"product_status": {
"known_affected": [
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-1673496",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21542",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21542.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-1673496",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2025-21542"
},
{
"cve": "CVE-2025-21544",
"product_status": {
"known_affected": [
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-1673496",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21544",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21544.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-1673496",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2025-21544"
},
{
"cve": "CVE-2025-21554",
"product_status": {
"known_affected": [
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-1673496",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21554",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-1673496",
"CSAFPID-1751377",
"CSAFPID-1751378",
"CSAFPID-1751379",
"CSAFPID-1751380",
"CSAFPID-1751381",
"CSAFPID-1751382",
"CSAFPID-1751383",
"CSAFPID-1674619",
"CSAFPID-1674622",
"CSAFPID-1674623",
"CSAFPID-1751384",
"CSAFPID-1751385",
"CSAFPID-1751386"
]
}
],
"title": "CVE-2025-21554"
}
]
}
ncsc-2025-0020
Vulnerability from csaf_ncscnl
Published
2025-01-22 13:30
Modified
2025-01-22 13:30
Summary
Kwetsbaarheden verholpen in Oracle Database producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in diverse database producten en subsystemen, zoals de Core Database, Graal, Application Express, GoldenGate en REST data.
Interpretaties
De kwetsbaarheden bevinden zich in verschillende componenten van de Oracle Database, waaronder de Data Mining component en de Java VM. Deze kwetsbaarheden stellen laaggeprivilegieerde geauthenticeerde gebruikers in staat om het systeem te compromitteren, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie. De Java VM-kwetsbaarheid kan ook leiden tot ongeautoriseerde wijzigingen van gegevens.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-391
Unchecked Error Condition
CWE-115
Misinterpretation of Input
CWE-466
Return of Pointer Value Outside of Expected Range
CWE-222
Truncation of Security-relevant Information
CWE-131
Incorrect Calculation of Buffer Size
CWE-1287
Improper Validation of Specified Type of Input
CWE-922
Insecure Storage of Sensitive Information
CWE-191
Integer Underflow (Wrap or Wraparound)
CWE-1220
Insufficient Granularity of Access Control
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-178
Improper Handling of Case Sensitivity
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-440
Expected Behavior Violation
CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE-703
Improper Check or Handling of Exceptional Conditions
CWE-617
Reachable Assertion
CWE-427
Uncontrolled Search Path Element
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE-354
Improper Validation of Integrity Check Value
CWE-190
Integer Overflow or Wraparound
CWE-404
Improper Resource Shutdown or Release
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333
Inefficient Regular Expression Complexity
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-476
NULL Pointer Dereference
CWE-757
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-674
Uncontrolled Recursion
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-611
Improper Restriction of XML External Entity Reference
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20
Improper Input Validation
CWE-276
Incorrect Default Permissions
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in diverse database producten en subsystemen, zoals de Core Database, Graal, Application Express, GoldenGate en REST data.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich in verschillende componenten van de Oracle Database, waaronder de Data Mining component en de Java VM. Deze kwetsbaarheden stellen laaggeprivilegieerde geauthenticeerde gebruikers in staat om het systeem te compromitteren, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie. De Java VM-kwetsbaarheid kan ook leiden tot ongeautoriseerde wijzigingen van gegevens.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Unchecked Error Condition",
"title": "CWE-391"
},
{
"category": "general",
"text": "Misinterpretation of Input",
"title": "CWE-115"
},
{
"category": "general",
"text": "Return of Pointer Value Outside of Expected Range",
"title": "CWE-466"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
},
{
"category": "general",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
},
{
"category": "general",
"text": "Insecure Storage of Sensitive Information",
"title": "CWE-922"
},
{
"category": "general",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "general",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
},
{
"category": "general",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "general",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "general",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
},
{
"category": "general",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "general",
"text": "Reachable Assertion",
"title": "CWE-617"
},
{
"category": "general",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "general",
"text": "Authentication Bypass Using an Alternate Path or Channel",
"title": "CWE-288"
},
{
"category": "general",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"title": "CWE-757"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Incorrect Default Permissions",
"title": "CWE-276"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Database producten",
"tracking": {
"current_release_date": "2025-01-22T13:30:16.354373Z",
"id": "NCSC-2025-0020",
"initial_release_date": "2025-01-22T13:30:16.354373Z",
"revision_history": [
{
"date": "2025-01-22T13:30:16.354373Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "graal_development_kit_for_micronaut",
"product": {
"name": "graal_development_kit_for_micronaut",
"product_id": "CSAFPID-1751216",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graal_development_kit_for_micronaut:23.5-23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_data_mining",
"product": {
"name": "database_-_data_mining",
"product_id": "CSAFPID-1751200",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_data_mining:19.3-19.25:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_data_mining",
"product": {
"name": "database_-_data_mining",
"product_id": "CSAFPID-1751199",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_data_mining:21.3-21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_migration_assistant_for_unicode",
"product": {
"name": "database_migration_assistant_for_unicode",
"product_id": "CSAFPID-1751212",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_migration_assistant_for_unicode:19.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_server",
"product": {
"name": "database_server",
"product_id": "CSAFPID-1503604",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_graalvm_multilingual_engine",
"product": {
"name": "database_-_graalvm_multilingual_engine",
"product_id": "CSAFPID-1751223",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:21.4-21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_graalvm_multilingual_engine",
"product": {
"name": "database_-_graalvm_multilingual_engine",
"product_id": "CSAFPID-1751224",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:23.5-23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "application_express",
"product": {
"name": "application_express",
"product_id": "CSAFPID-1503575",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "application_express",
"product": {
"name": "application_express",
"product_id": "CSAFPID-1673188",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-342816",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-816845",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-1650825",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-1751298",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-1751299",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1650767",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.23.0.0.240716:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-485902",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1503736",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.23.0.0.240716:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1503739",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751093",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751094",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:23.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751095",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751204",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:23.4-23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1503738",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751203",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1650765",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "rest_data_services",
"product": {
"name": "rest_data_services",
"product_id": "CSAFPID-711746",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "rest_data_services",
"product": {
"name": "rest_data_services",
"product_id": "CSAFPID-1751305",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:rest_data_services:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "rest_data_services",
"product": {
"name": "rest_data_services",
"product_id": "CSAFPID-1751304",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:rest_data_services:24.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-667692",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-345049",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-611417",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-1673422",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38998",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1673188",
"CSAFPID-1751204",
"CSAFPID-1751203"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38998",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1673188",
"CSAFPID-1751204",
"CSAFPID-1751203"
]
}
],
"title": "CVE-2024-38998"
},
{
"cve": "CVE-2024-38999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1673188",
"CSAFPID-1751204",
"CSAFPID-1751203"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38999",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1673188",
"CSAFPID-1751204",
"CSAFPID-1751203"
]
}
],
"title": "CVE-2024-38999"
},
{
"cve": "CVE-2024-45490",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "other",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
},
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-45490",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json"
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-45491",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json"
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-45492",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json"
}
],
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-45772",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-45772",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45772.json"
}
],
"title": "CVE-2024-45772"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-47554",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json"
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650825",
"CSAFPID-1751298",
"CSAFPID-1751299"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650825",
"CSAFPID-1751298",
"CSAFPID-1751299"
]
}
],
"title": "CVE-2024-47561"
},
{
"cve": "CVE-2024-50379",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-50379",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50379.json"
}
],
"title": "CVE-2024-50379"
},
{
"cve": "CVE-2024-52316",
"cwe": {
"id": "CWE-391",
"name": "Unchecked Error Condition"
},
"notes": [
{
"category": "other",
"text": "Unchecked Error Condition",
"title": "CWE-391"
},
{
"category": "other",
"text": "Authentication Bypass Using an Alternate Path or Channel",
"title": "CWE-288"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-52316",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52316.json"
}
],
"title": "CVE-2024-52316"
},
{
"cve": "CVE-2024-54677",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-54677",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54677.json"
}
],
"title": "CVE-2024-54677"
},
{
"cve": "CVE-2024-56337",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-56337",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json"
}
],
"title": "CVE-2024-56337"
},
{
"cve": "CVE-2025-21553",
"references": [
{
"category": "self",
"summary": "CVE-2025-21553",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21553.json"
}
],
"title": "CVE-2025-21553"
},
{
"cve": "CVE-2025-21557",
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1673188"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21557",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21557.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1673188"
]
}
],
"title": "CVE-2025-21557"
},
{
"cve": "CVE-2022-26345",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751199",
"CSAFPID-1751200"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-26345",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-26345.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751199",
"CSAFPID-1751200"
]
}
],
"title": "CVE-2022-26345"
},
{
"cve": "CVE-2023-27043",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-27043",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-27043.json"
}
],
"title": "CVE-2023-27043"
},
{
"cve": "CVE-2023-36730",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751203",
"CSAFPID-1751204"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-36730",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36730.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751203",
"CSAFPID-1751204"
]
}
],
"title": "CVE-2023-36730"
},
{
"cve": "CVE-2023-36785",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751203",
"CSAFPID-1751204"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-36785",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36785.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751203",
"CSAFPID-1751204"
]
}
],
"title": "CVE-2023-36785"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "other",
"text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"title": "CWE-757"
},
{
"category": "other",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650765",
"CSAFPID-1650767",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-711746",
"CSAFPID-816845",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-1751212"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650765",
"CSAFPID-1650767",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-711746",
"CSAFPID-816845",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-1751212"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-52428",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-342816",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-816845",
"CSAFPID-711746",
"CSAFPID-1751216"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52428",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-342816",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-816845",
"CSAFPID-711746",
"CSAFPID-1751216"
]
}
],
"title": "CVE-2023-52428"
},
{
"cve": "CVE-2024-2961",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2961",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
}
],
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-4030",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "other",
"text": "Incorrect Default Permissions",
"title": "CWE-276"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-4030",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4030.json"
}
],
"title": "CVE-2024-4030"
},
{
"cve": "CVE-2024-4032",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "other",
"text": "Expected Behavior Violation",
"title": "CWE-440"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-4032",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4032.json"
}
],
"title": "CVE-2024-4032"
},
{
"cve": "CVE-2024-6232",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-6232",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json"
}
],
"title": "CVE-2024-6232"
},
{
"cve": "CVE-2024-6763",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751304",
"CSAFPID-1751305"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6763",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6763.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1751304",
"CSAFPID-1751305"
]
}
],
"title": "CVE-2024-6763"
},
{
"cve": "CVE-2024-6923",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-6923",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6923.json"
}
],
"title": "CVE-2024-6923"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-7254",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json"
}
],
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-7592",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-7592",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json"
}
],
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2024-8088",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-8088",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8088.json"
}
],
"title": "CVE-2024-8088"
},
{
"cve": "CVE-2024-8927",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8927",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8927.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-8927"
},
{
"cve": "CVE-2024-11053",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-11053",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11053.json"
}
],
"title": "CVE-2024-11053"
},
{
"cve": "CVE-2024-21211",
"cwe": {
"id": "CWE-922",
"name": "Insecure Storage of Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Insecure Storage of Sensitive Information",
"title": "CWE-922"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751223",
"CSAFPID-1751224"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21211",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21211.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1751223",
"CSAFPID-1751224"
]
}
],
"title": "CVE-2024-21211"
},
{
"cve": "CVE-2024-22262",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650825",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22262",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1650825",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
}
],
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-24789",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-24789",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24789.json"
}
],
"title": "CVE-2024-24789"
},
{
"cve": "CVE-2024-24790",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Misinterpretation of Input",
"title": "CWE-115"
},
{
"category": "other",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-24790",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24790.json"
}
],
"title": "CVE-2024-24790"
},
{
"cve": "CVE-2024-24791",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-24791",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24791.json"
}
],
"title": "CVE-2024-24791"
},
{
"cve": "CVE-2024-28757",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28757",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28757.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-33599",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33599",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33599.json"
}
],
"title": "CVE-2024-33599"
},
{
"cve": "CVE-2024-33600",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33600",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33600.json"
}
],
"title": "CVE-2024-33600"
},
{
"cve": "CVE-2024-33601",
"cwe": {
"id": "CWE-703",
"name": "Improper Check or Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "other",
"text": "Reachable Assertion",
"title": "CWE-617"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33601",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33601.json"
}
],
"title": "CVE-2024-33601"
},
{
"cve": "CVE-2024-33602",
"cwe": {
"id": "CWE-466",
"name": "Return of Pointer Value Outside of Expected Range"
},
"notes": [
{
"category": "other",
"text": "Return of Pointer Value Outside of Expected Range",
"title": "CWE-466"
},
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33602",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json"
}
],
"title": "CVE-2024-33602"
},
{
"cve": "CVE-2024-38819",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650825"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38819",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1650825"
]
}
],
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-38820",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650825"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38820",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650825"
]
}
],
"title": "CVE-2024-38820"
}
]
}
ncsc-2025-0023
Vulnerability from csaf_ncscnl
Published
2025-01-22 13:31
Modified
2025-01-22 13:31
Summary
Kwetsbaarheden verholpen in Oracle PeopleSoft
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft meerdere kwetsbaarheden verholpen in Oracle PeopleSoft, specifiek in de versies 8.60, 8.61 en 9.2.
Interpretaties
De kwetsbaarheden in Oracle PeopleSoft stellen geauthenticeerde kwaadwillenden in staat om via HTTP-netwerktoegang ongeautoriseerde toegang te krijgen tot specifieke gegevens, wat kan leiden tot ongeautoriseerde gegevensmanipulatie en -toegang. Kwaadwillenden kunnen ook een Denial-of-Service veroorzaken. Hiervoor heeft de kwaadwillende geen voorafgaande authenticatie nodig.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden in PeopleSoft te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-670
Always-Incorrect Control Flow Implementation
CWE-1395
Dependency on Vulnerable Third-Party Component
CWE-669
Incorrect Resource Transfer Between Spheres
CWE-126
Buffer Over-read
CWE-125
Out-of-bounds Read
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft meerdere kwetsbaarheden verholpen in Oracle PeopleSoft, specifiek in de versies 8.60, 8.61 en 9.2.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in Oracle PeopleSoft stellen geauthenticeerde kwaadwillenden in staat om via HTTP-netwerktoegang ongeautoriseerde toegang te krijgen tot specifieke gegevens, wat kan leiden tot ongeautoriseerde gegevensmanipulatie en -toegang. Kwaadwillenden kunnen ook een Denial-of-Service veroorzaken. Hiervoor heeft de kwaadwillende geen voorafgaande authenticatie nodig.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden in PeopleSoft te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Always-Incorrect Control Flow Implementation",
"title": "CWE-670"
},
{
"category": "general",
"text": "Dependency on Vulnerable Third-Party Component",
"title": "CWE-1395"
},
{
"category": "general",
"text": "Incorrect Resource Transfer Between Spheres",
"title": "CWE-669"
},
{
"category": "general",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle PeopleSoft",
"tracking": {
"current_release_date": "2025-01-22T13:31:17.380797Z",
"id": "NCSC-2025-0023",
"initial_release_date": "2025-01-22T13:31:17.380797Z",
"revision_history": [
{
"date": "2025-01-22T13:31:17.380797Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "peoplesoft_enterprise_cc_common_application_objects",
"product": {
"name": "peoplesoft_enterprise_cc_common_application_objects",
"product_id": "CSAFPID-449779",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_cc_common_application_objects:9.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "peoplesoft_enterprise_fin_cash_management",
"product": {
"name": "peoplesoft_enterprise_fin_cash_management",
"product_id": "CSAFPID-765405",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_cash_management:9.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "peoplesoft_enterprise_fin_esettlements",
"product": {
"name": "peoplesoft_enterprise_fin_esettlements",
"product_id": "CSAFPID-1751153",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_esettlements:9.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "peoplesoft_enterprise_hcm_human_resources",
"product": {
"name": "peoplesoft_enterprise_hcm_human_resources",
"product_id": "CSAFPID-172663",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_human_resources:9.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "peoplesoft_enterprise_hcm_shared_components",
"product": {
"name": "peoplesoft_enterprise_hcm_shared_components",
"product_id": "CSAFPID-607590",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_shared_components:9.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "peoplesoft_enterprise_peopletools",
"product": {
"name": "peoplesoft_enterprise_peopletools",
"product_id": "CSAFPID-1682",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "peoplesoft_enterprise_peopletools",
"product": {
"name": "peoplesoft_enterprise_peopletools",
"product_id": "CSAFPID-1681",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.60:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "peoplesoft_enterprise_peopletools",
"product": {
"name": "peoplesoft_enterprise_peopletools",
"product_id": "CSAFPID-816362",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.61:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "peoplesoft_enterprise_peopletools",
"product": {
"name": "peoplesoft_enterprise_peopletools",
"product_id": "CSAFPID-1503667",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:_opensearch___8.59:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "peoplesoft_enterprise_peopletools",
"product": {
"name": "peoplesoft_enterprise_peopletools",
"product_id": "CSAFPID-1503672",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:_opensearch___8.60:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "peoplesoft_enterprise_peopletools",
"product": {
"name": "peoplesoft_enterprise_peopletools",
"product_id": "CSAFPID-1503676",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:_opensearch___8.61:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "peoplesoft_enterprise_peopletools",
"product": {
"name": "peoplesoft_enterprise_peopletools",
"product_id": "CSAFPID-1503669",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:_web_server___8.59:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "peoplesoft_enterprise_peopletools",
"product": {
"name": "peoplesoft_enterprise_peopletools",
"product_id": "CSAFPID-1503673",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:_web_server___8.60:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "peoplesoft_enterprise_peopletools",
"product": {
"name": "peoplesoft_enterprise_peopletools",
"product_id": "CSAFPID-1503678",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:_web_server___8.61:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "peoplesoft_enterprise_scm_purchasing",
"product": {
"name": "peoplesoft_enterprise_scm_purchasing",
"product_id": "CSAFPID-172660",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_scm_purchasing:9.2:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-22218",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-22218",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-22218.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2020-22218"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "other",
"text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"title": "CWE-757"
},
{
"category": "other",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1682",
"CSAFPID-1681",
"CSAFPID-816362",
"CSAFPID-172663",
"CSAFPID-607590",
"CSAFPID-1503667",
"CSAFPID-1503669",
"CSAFPID-1503672",
"CSAFPID-1503673",
"CSAFPID-1503676",
"CSAFPID-1503678"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1682",
"CSAFPID-1681",
"CSAFPID-816362",
"CSAFPID-172663",
"CSAFPID-607590",
"CSAFPID-1503667",
"CSAFPID-1503669",
"CSAFPID-1503672",
"CSAFPID-1503673",
"CSAFPID-1503676",
"CSAFPID-1503678"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2024-0397",
"product_status": {
"known_affected": [
"CSAFPID-172663",
"CSAFPID-607590",
"CSAFPID-1503667",
"CSAFPID-1503669",
"CSAFPID-1682",
"CSAFPID-1503672",
"CSAFPID-1503673",
"CSAFPID-1681",
"CSAFPID-1503676",
"CSAFPID-1503678",
"CSAFPID-816362"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0397",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0397.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-172663",
"CSAFPID-607590",
"CSAFPID-1503667",
"CSAFPID-1503669",
"CSAFPID-1682",
"CSAFPID-1503672",
"CSAFPID-1503673",
"CSAFPID-1681",
"CSAFPID-1503676",
"CSAFPID-1503678",
"CSAFPID-816362"
]
}
],
"title": "CVE-2024-0397"
},
{
"cve": "CVE-2024-2511",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improperly Controlled Sequential Memory Allocation",
"title": "CWE-1325"
}
],
"product_status": {
"known_affected": [
"CSAFPID-172663",
"CSAFPID-607590",
"CSAFPID-1503667",
"CSAFPID-1503669",
"CSAFPID-1682",
"CSAFPID-1503672",
"CSAFPID-1503673",
"CSAFPID-1681",
"CSAFPID-1503676",
"CSAFPID-1503678",
"CSAFPID-816362"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2511",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2511.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-172663",
"CSAFPID-607590",
"CSAFPID-1503667",
"CSAFPID-1503669",
"CSAFPID-1682",
"CSAFPID-1503672",
"CSAFPID-1503673",
"CSAFPID-1681",
"CSAFPID-1503676",
"CSAFPID-1503678",
"CSAFPID-816362"
]
}
],
"title": "CVE-2024-2511"
},
{
"cve": "CVE-2024-4030",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "other",
"text": "Incorrect Default Permissions",
"title": "CWE-276"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-4030",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4030.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2024-4030"
},
{
"cve": "CVE-2024-4032",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "other",
"text": "Expected Behavior Violation",
"title": "CWE-440"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-4032",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4032.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2024-4032"
},
{
"cve": "CVE-2024-4603",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"notes": [
{
"category": "other",
"text": "Unchecked Input for Loop Condition",
"title": "CWE-606"
},
{
"category": "other",
"text": "Excessive Iteration",
"title": "CWE-834"
}
],
"product_status": {
"known_affected": [
"CSAFPID-172663",
"CSAFPID-607590",
"CSAFPID-1503667",
"CSAFPID-1503669",
"CSAFPID-1682",
"CSAFPID-1503672",
"CSAFPID-1503673",
"CSAFPID-1681",
"CSAFPID-1503676",
"CSAFPID-1503678",
"CSAFPID-816362"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-4603",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4603.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-172663",
"CSAFPID-607590",
"CSAFPID-1503667",
"CSAFPID-1503669",
"CSAFPID-1682",
"CSAFPID-1503672",
"CSAFPID-1503673",
"CSAFPID-1681",
"CSAFPID-1503676",
"CSAFPID-1503678",
"CSAFPID-816362"
]
}
],
"title": "CVE-2024-4603"
},
{
"cve": "CVE-2024-4741",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-172663",
"CSAFPID-607590",
"CSAFPID-1503667",
"CSAFPID-1503669",
"CSAFPID-1682",
"CSAFPID-1503672",
"CSAFPID-1503673",
"CSAFPID-1681",
"CSAFPID-1503676",
"CSAFPID-1503678",
"CSAFPID-816362"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-4741",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4741.json"
}
],
"title": "CVE-2024-4741"
},
{
"cve": "CVE-2024-5535",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Dependency on Vulnerable Third-Party Component",
"title": "CWE-1395"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1681",
"CSAFPID-816362"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-5535",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1681",
"CSAFPID-816362"
]
}
],
"title": "CVE-2024-5535"
},
{
"cve": "CVE-2024-6119",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6119",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6119.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2024-6119"
},
{
"cve": "CVE-2024-6232",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6232",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2024-6232"
},
{
"cve": "CVE-2024-7592",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7592",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2024-22018",
"cwe": {
"id": "CWE-275",
"name": "-"
},
"notes": [
{
"category": "other",
"text": "CWE-275",
"title": "CWE-275"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22018",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22018.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2024-22018"
},
{
"cve": "CVE-2024-22019",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1681",
"CSAFPID-1682",
"CSAFPID-816362",
"CSAFPID-172663",
"CSAFPID-607590",
"CSAFPID-1503667",
"CSAFPID-1503669",
"CSAFPID-1503672",
"CSAFPID-1503673",
"CSAFPID-1503676",
"CSAFPID-1503678"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22019",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22019.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1681",
"CSAFPID-1682",
"CSAFPID-816362",
"CSAFPID-172663",
"CSAFPID-607590",
"CSAFPID-1503667",
"CSAFPID-1503669",
"CSAFPID-1503672",
"CSAFPID-1503673",
"CSAFPID-1503676",
"CSAFPID-1503678"
]
}
],
"title": "CVE-2024-22019"
},
{
"cve": "CVE-2024-22020",
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22020",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22020.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2024-22020"
},
{
"cve": "CVE-2024-27280",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-27280",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27280.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2024-27280"
},
{
"cve": "CVE-2024-27281",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1681",
"CSAFPID-816362"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-27281",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27281.json"
}
],
"title": "CVE-2024-27281"
},
{
"cve": "CVE-2024-27282",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-27282",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27282.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2024-27282"
},
{
"cve": "CVE-2024-28849",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-172663",
"CSAFPID-607590",
"CSAFPID-1503667",
"CSAFPID-1503669",
"CSAFPID-1682",
"CSAFPID-1503672",
"CSAFPID-1503673",
"CSAFPID-1681",
"CSAFPID-1503676",
"CSAFPID-1503678",
"CSAFPID-816362"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28849",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-172663",
"CSAFPID-607590",
"CSAFPID-1503667",
"CSAFPID-1503669",
"CSAFPID-1682",
"CSAFPID-1503672",
"CSAFPID-1503673",
"CSAFPID-1681",
"CSAFPID-1503676",
"CSAFPID-1503678",
"CSAFPID-816362"
]
}
],
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-172663",
"CSAFPID-607590",
"CSAFPID-1503667",
"CSAFPID-1503669",
"CSAFPID-1682",
"CSAFPID-1503672",
"CSAFPID-1503673",
"CSAFPID-1681",
"CSAFPID-1503676",
"CSAFPID-1503678",
"CSAFPID-816362"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29025",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-172663",
"CSAFPID-607590",
"CSAFPID-1503667",
"CSAFPID-1503669",
"CSAFPID-1682",
"CSAFPID-1503672",
"CSAFPID-1503673",
"CSAFPID-1681",
"CSAFPID-1503676",
"CSAFPID-1503678",
"CSAFPID-816362"
]
}
],
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-35195",
"cwe": {
"id": "CWE-670",
"name": "Always-Incorrect Control Flow Implementation"
},
"notes": [
{
"category": "other",
"text": "Always-Incorrect Control Flow Implementation",
"title": "CWE-670"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35195",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35195.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2024-35195"
},
{
"cve": "CVE-2024-36137",
"cwe": {
"id": "CWE-275",
"name": "-"
},
"notes": [
{
"category": "other",
"text": "CWE-275",
"title": "CWE-275"
},
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36137",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36137.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2024-36137"
},
{
"cve": "CVE-2024-36138",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36138",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36138.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2024-36138"
},
{
"cve": "CVE-2024-37372",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37372",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37372.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2024-37372"
},
{
"cve": "CVE-2024-37891",
"cwe": {
"id": "CWE-669",
"name": "Incorrect Resource Transfer Between Spheres"
},
"notes": [
{
"category": "other",
"text": "Incorrect Resource Transfer Between Spheres",
"title": "CWE-669"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37891",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-38998",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38998",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2024-38998"
},
{
"cve": "CVE-2024-38999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816362",
"CSAFPID-1681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38999",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816362",
"CSAFPID-1681"
]
}
],
"title": "CVE-2024-38999"
},
{
"cve": "CVE-2025-21530",
"product_status": {
"known_affected": [
"CSAFPID-1681",
"CSAFPID-816362"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21530",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21530.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1681",
"CSAFPID-816362"
]
}
],
"title": "CVE-2025-21530"
},
{
"cve": "CVE-2025-21537",
"product_status": {
"known_affected": [
"CSAFPID-765405"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21537",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21537.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-765405"
]
}
],
"title": "CVE-2025-21537"
},
{
"cve": "CVE-2025-21539",
"product_status": {
"known_affected": [
"CSAFPID-1751153"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21539",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21539.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1751153"
]
}
],
"title": "CVE-2025-21539"
},
{
"cve": "CVE-2025-21545",
"product_status": {
"known_affected": [
"CSAFPID-1681",
"CSAFPID-816362"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21545",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21545.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1681",
"CSAFPID-816362"
]
}
],
"title": "CVE-2025-21545"
},
{
"cve": "CVE-2025-21561",
"product_status": {
"known_affected": [
"CSAFPID-172660"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-172660"
]
}
],
"title": "CVE-2025-21561"
},
{
"cve": "CVE-2025-21562",
"product_status": {
"known_affected": [
"CSAFPID-449779"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21562",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21562.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-449779"
]
}
],
"title": "CVE-2025-21562"
},
{
"cve": "CVE-2025-21563",
"product_status": {
"known_affected": [
"CSAFPID-449779"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21563",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21563.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-449779"
]
}
],
"title": "CVE-2025-21563"
}
]
}
fkie_cve-2024-4030
Vulnerability from fkie_nvd
Published
2024-05-07 21:15
Modified
2024-11-21 09:42
Severity ?
Summary
On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.
If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.
This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cna@python.org | https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a | ||
| cna@python.org | https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd | ||
| cna@python.org | https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee | ||
| cna@python.org | https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e | ||
| cna@python.org | https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e | ||
| cna@python.org | https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d | ||
| cna@python.org | https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee | ||
| cna@python.org | https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca | ||
| cna@python.org | https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d | ||
| cna@python.org | https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84 | ||
| cna@python.org | https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763 | ||
| cna@python.org | https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46 | ||
| cna@python.org | https://github.com/python/cpython/issues/118486 | ||
| cna@python.org | https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/ | ||
| cna@python.org | https://security.netapp.com/advisory/ntap-20240705-0005/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/issues/118486 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240705-0005/ |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you\u2019re not using Windows or haven\u2019t changed the temporary directory location then you aren\u2019t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \u201c700\u201d for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions."
},
{
"lang": "es",
"value": "En Windows, un directorio devuelto por tempfile.mkdtemp() no siempre tendr\u00eda permisos configurados para restringir la lectura y escritura en el directorio temporal por parte de otros usuarios, sino que normalmente heredar\u00eda los permisos correctos de la ubicaci\u00f3n predeterminada. Es posible que las configuraciones alternativas o los usuarios sin un directorio de perfil no tengan los permisos previstos. Si no est\u00e1 utilizando Windows o no ha cambiado la ubicaci\u00f3n del directorio temporal, esta vulnerabilidad no le afecta. En otras plataformas, el directorio devuelto solo el usuario actual puede leerlo y escribirlo constantemente. Este problema se debi\u00f3 a que Python no admite permisos de Unix en Windows. La soluci\u00f3n agrega soporte para Unix \u201c700\u201d para la funci\u00f3n mkdir en Windows que utiliza mkdtemp() para garantizar que el directorio reci\u00e9n creado tenga los permisos adecuados."
}
],
"id": "CVE-2024-4030",
"lastModified": "2024-11-21T09:42:03.650",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-07T21:15:09.467",
"references": [
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/issues/118486"
},
{
"source": "cna@python.org",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/"
},
{
"source": "cna@python.org",
"url": "https://security.netapp.com/advisory/ntap-20240705-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/python/cpython/issues/118486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240705-0005/"
}
],
"sourceIdentifier": "cna@python.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "cna@python.org",
"type": "Secondary"
}
]
}
suse-su-2024:2572-1
Vulnerability from csaf_suse
Published
2024-07-22 10:34
Modified
2024-07-22 10:34
Summary
Security update for python312
Notes
Title of the patch
Security update for python312
Description of the patch
This update for python312 fixes the following issues:
- CVE-2024-4032: Corrected information about public and private IPv4
and IPv6 address ranges (bsc#1226448).
Patchnames
SUSE-2024-2572,SUSE-SLE-Module-Python3-15-SP6-2024-2572,openSUSE-SLE-15.6-2024-2572
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python312",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python312 fixes the following issues:\n\n- CVE-2024-4032: Corrected information about public and private IPv4\n and IPv6 address ranges (bsc#1226448).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2572,SUSE-SLE-Module-Python3-15-SP6-2024-2572,openSUSE-SLE-15.6-2024-2572",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2572-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2572-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242572-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2572-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-July/036102.html"
},
{
"category": "self",
"summary": "SUSE Bug 1225660",
"url": "https://bugzilla.suse.com/1225660"
},
{
"category": "self",
"summary": "SUSE Bug 1226447",
"url": "https://bugzilla.suse.com/1226447"
},
{
"category": "self",
"summary": "SUSE Bug 1226448",
"url": "https://bugzilla.suse.com/1226448"
},
{
"category": "self",
"summary": "SUSE Bug 1227152",
"url": "https://bugzilla.suse.com/1227152"
},
{
"category": "self",
"summary": "SUSE Bug 1227378",
"url": "https://bugzilla.suse.com/1227378"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-0397 page",
"url": "https://www.suse.com/security/cve/CVE-2024-0397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4030 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4032 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4032/"
}
],
"title": "Security update for python312",
"tracking": {
"current_release_date": "2024-07-22T10:34:49Z",
"generator": {
"date": "2024-07-22T10:34:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2572-1",
"initial_release_date": "2024-07-22T10:34:49Z",
"revision_history": [
{
"date": "2024-07-22T10:34:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"product": {
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"product_id": "libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-3.12.4-150600.3.3.1.aarch64",
"product": {
"name": "python312-3.12.4-150600.3.3.1.aarch64",
"product_id": "python312-3.12.4-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-base-3.12.4-150600.3.3.1.aarch64",
"product": {
"name": "python312-base-3.12.4-150600.3.3.1.aarch64",
"product_id": "python312-base-3.12.4-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-curses-3.12.4-150600.3.3.1.aarch64",
"product": {
"name": "python312-curses-3.12.4-150600.3.3.1.aarch64",
"product_id": "python312-curses-3.12.4-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-dbm-3.12.4-150600.3.3.1.aarch64",
"product": {
"name": "python312-dbm-3.12.4-150600.3.3.1.aarch64",
"product_id": "python312-dbm-3.12.4-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-devel-3.12.4-150600.3.3.1.aarch64",
"product": {
"name": "python312-devel-3.12.4-150600.3.3.1.aarch64",
"product_id": "python312-devel-3.12.4-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-doc-3.12.4-150600.3.3.1.aarch64",
"product": {
"name": "python312-doc-3.12.4-150600.3.3.1.aarch64",
"product_id": "python312-doc-3.12.4-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-doc-devhelp-3.12.4-150600.3.3.1.aarch64",
"product": {
"name": "python312-doc-devhelp-3.12.4-150600.3.3.1.aarch64",
"product_id": "python312-doc-devhelp-3.12.4-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-idle-3.12.4-150600.3.3.1.aarch64",
"product": {
"name": "python312-idle-3.12.4-150600.3.3.1.aarch64",
"product_id": "python312-idle-3.12.4-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-testsuite-3.12.4-150600.3.3.1.aarch64",
"product": {
"name": "python312-testsuite-3.12.4-150600.3.3.1.aarch64",
"product_id": "python312-testsuite-3.12.4-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-tk-3.12.4-150600.3.3.1.aarch64",
"product": {
"name": "python312-tk-3.12.4-150600.3.3.1.aarch64",
"product_id": "python312-tk-3.12.4-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-tools-3.12.4-150600.3.3.1.aarch64",
"product": {
"name": "python312-tools-3.12.4-150600.3.3.1.aarch64",
"product_id": "python312-tools-3.12.4-150600.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_12-1_0-64bit-3.12.4-150600.3.3.1.aarch64_ilp32",
"product": {
"name": "libpython3_12-1_0-64bit-3.12.4-150600.3.3.1.aarch64_ilp32",
"product_id": "libpython3_12-1_0-64bit-3.12.4-150600.3.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python312-64bit-3.12.4-150600.3.3.1.aarch64_ilp32",
"product": {
"name": "python312-64bit-3.12.4-150600.3.3.1.aarch64_ilp32",
"product_id": "python312-64bit-3.12.4-150600.3.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python312-base-64bit-3.12.4-150600.3.3.1.aarch64_ilp32",
"product": {
"name": "python312-base-64bit-3.12.4-150600.3.3.1.aarch64_ilp32",
"product_id": "python312-base-64bit-3.12.4-150600.3.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.i586",
"product": {
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.i586",
"product_id": "libpython3_12-1_0-3.12.4-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "python312-3.12.4-150600.3.3.1.i586",
"product": {
"name": "python312-3.12.4-150600.3.3.1.i586",
"product_id": "python312-3.12.4-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "python312-base-3.12.4-150600.3.3.1.i586",
"product": {
"name": "python312-base-3.12.4-150600.3.3.1.i586",
"product_id": "python312-base-3.12.4-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "python312-curses-3.12.4-150600.3.3.1.i586",
"product": {
"name": "python312-curses-3.12.4-150600.3.3.1.i586",
"product_id": "python312-curses-3.12.4-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "python312-dbm-3.12.4-150600.3.3.1.i586",
"product": {
"name": "python312-dbm-3.12.4-150600.3.3.1.i586",
"product_id": "python312-dbm-3.12.4-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "python312-devel-3.12.4-150600.3.3.1.i586",
"product": {
"name": "python312-devel-3.12.4-150600.3.3.1.i586",
"product_id": "python312-devel-3.12.4-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "python312-doc-3.12.4-150600.3.3.1.i586",
"product": {
"name": "python312-doc-3.12.4-150600.3.3.1.i586",
"product_id": "python312-doc-3.12.4-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "python312-doc-devhelp-3.12.4-150600.3.3.1.i586",
"product": {
"name": "python312-doc-devhelp-3.12.4-150600.3.3.1.i586",
"product_id": "python312-doc-devhelp-3.12.4-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "python312-idle-3.12.4-150600.3.3.1.i586",
"product": {
"name": "python312-idle-3.12.4-150600.3.3.1.i586",
"product_id": "python312-idle-3.12.4-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "python312-testsuite-3.12.4-150600.3.3.1.i586",
"product": {
"name": "python312-testsuite-3.12.4-150600.3.3.1.i586",
"product_id": "python312-testsuite-3.12.4-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "python312-tk-3.12.4-150600.3.3.1.i586",
"product": {
"name": "python312-tk-3.12.4-150600.3.3.1.i586",
"product_id": "python312-tk-3.12.4-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "python312-tools-3.12.4-150600.3.3.1.i586",
"product": {
"name": "python312-tools-3.12.4-150600.3.3.1.i586",
"product_id": "python312-tools-3.12.4-150600.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"product": {
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"product_id": "libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-3.12.4-150600.3.3.1.ppc64le",
"product": {
"name": "python312-3.12.4-150600.3.3.1.ppc64le",
"product_id": "python312-3.12.4-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-base-3.12.4-150600.3.3.1.ppc64le",
"product": {
"name": "python312-base-3.12.4-150600.3.3.1.ppc64le",
"product_id": "python312-base-3.12.4-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-curses-3.12.4-150600.3.3.1.ppc64le",
"product": {
"name": "python312-curses-3.12.4-150600.3.3.1.ppc64le",
"product_id": "python312-curses-3.12.4-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"product": {
"name": "python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"product_id": "python312-dbm-3.12.4-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-devel-3.12.4-150600.3.3.1.ppc64le",
"product": {
"name": "python312-devel-3.12.4-150600.3.3.1.ppc64le",
"product_id": "python312-devel-3.12.4-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-doc-3.12.4-150600.3.3.1.ppc64le",
"product": {
"name": "python312-doc-3.12.4-150600.3.3.1.ppc64le",
"product_id": "python312-doc-3.12.4-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-doc-devhelp-3.12.4-150600.3.3.1.ppc64le",
"product": {
"name": "python312-doc-devhelp-3.12.4-150600.3.3.1.ppc64le",
"product_id": "python312-doc-devhelp-3.12.4-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-idle-3.12.4-150600.3.3.1.ppc64le",
"product": {
"name": "python312-idle-3.12.4-150600.3.3.1.ppc64le",
"product_id": "python312-idle-3.12.4-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-testsuite-3.12.4-150600.3.3.1.ppc64le",
"product": {
"name": "python312-testsuite-3.12.4-150600.3.3.1.ppc64le",
"product_id": "python312-testsuite-3.12.4-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-tk-3.12.4-150600.3.3.1.ppc64le",
"product": {
"name": "python312-tk-3.12.4-150600.3.3.1.ppc64le",
"product_id": "python312-tk-3.12.4-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-tools-3.12.4-150600.3.3.1.ppc64le",
"product": {
"name": "python312-tools-3.12.4-150600.3.3.1.ppc64le",
"product_id": "python312-tools-3.12.4-150600.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"product": {
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"product_id": "libpython3_12-1_0-3.12.4-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-3.12.4-150600.3.3.1.s390x",
"product": {
"name": "python312-3.12.4-150600.3.3.1.s390x",
"product_id": "python312-3.12.4-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-base-3.12.4-150600.3.3.1.s390x",
"product": {
"name": "python312-base-3.12.4-150600.3.3.1.s390x",
"product_id": "python312-base-3.12.4-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-curses-3.12.4-150600.3.3.1.s390x",
"product": {
"name": "python312-curses-3.12.4-150600.3.3.1.s390x",
"product_id": "python312-curses-3.12.4-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-dbm-3.12.4-150600.3.3.1.s390x",
"product": {
"name": "python312-dbm-3.12.4-150600.3.3.1.s390x",
"product_id": "python312-dbm-3.12.4-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-devel-3.12.4-150600.3.3.1.s390x",
"product": {
"name": "python312-devel-3.12.4-150600.3.3.1.s390x",
"product_id": "python312-devel-3.12.4-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-doc-3.12.4-150600.3.3.1.s390x",
"product": {
"name": "python312-doc-3.12.4-150600.3.3.1.s390x",
"product_id": "python312-doc-3.12.4-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-doc-devhelp-3.12.4-150600.3.3.1.s390x",
"product": {
"name": "python312-doc-devhelp-3.12.4-150600.3.3.1.s390x",
"product_id": "python312-doc-devhelp-3.12.4-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-idle-3.12.4-150600.3.3.1.s390x",
"product": {
"name": "python312-idle-3.12.4-150600.3.3.1.s390x",
"product_id": "python312-idle-3.12.4-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-testsuite-3.12.4-150600.3.3.1.s390x",
"product": {
"name": "python312-testsuite-3.12.4-150600.3.3.1.s390x",
"product_id": "python312-testsuite-3.12.4-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-tk-3.12.4-150600.3.3.1.s390x",
"product": {
"name": "python312-tk-3.12.4-150600.3.3.1.s390x",
"product_id": "python312-tk-3.12.4-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-tools-3.12.4-150600.3.3.1.s390x",
"product": {
"name": "python312-tools-3.12.4-150600.3.3.1.s390x",
"product_id": "python312-tools-3.12.4-150600.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"product": {
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"product_id": "libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpython3_12-1_0-32bit-3.12.4-150600.3.3.1.x86_64",
"product": {
"name": "libpython3_12-1_0-32bit-3.12.4-150600.3.3.1.x86_64",
"product_id": "libpython3_12-1_0-32bit-3.12.4-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-3.12.4-150600.3.3.1.x86_64",
"product": {
"name": "python312-3.12.4-150600.3.3.1.x86_64",
"product_id": "python312-3.12.4-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-32bit-3.12.4-150600.3.3.1.x86_64",
"product": {
"name": "python312-32bit-3.12.4-150600.3.3.1.x86_64",
"product_id": "python312-32bit-3.12.4-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-base-3.12.4-150600.3.3.1.x86_64",
"product": {
"name": "python312-base-3.12.4-150600.3.3.1.x86_64",
"product_id": "python312-base-3.12.4-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-base-32bit-3.12.4-150600.3.3.1.x86_64",
"product": {
"name": "python312-base-32bit-3.12.4-150600.3.3.1.x86_64",
"product_id": "python312-base-32bit-3.12.4-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-curses-3.12.4-150600.3.3.1.x86_64",
"product": {
"name": "python312-curses-3.12.4-150600.3.3.1.x86_64",
"product_id": "python312-curses-3.12.4-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-dbm-3.12.4-150600.3.3.1.x86_64",
"product": {
"name": "python312-dbm-3.12.4-150600.3.3.1.x86_64",
"product_id": "python312-dbm-3.12.4-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-devel-3.12.4-150600.3.3.1.x86_64",
"product": {
"name": "python312-devel-3.12.4-150600.3.3.1.x86_64",
"product_id": "python312-devel-3.12.4-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-doc-3.12.4-150600.3.3.1.x86_64",
"product": {
"name": "python312-doc-3.12.4-150600.3.3.1.x86_64",
"product_id": "python312-doc-3.12.4-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-doc-devhelp-3.12.4-150600.3.3.1.x86_64",
"product": {
"name": "python312-doc-devhelp-3.12.4-150600.3.3.1.x86_64",
"product_id": "python312-doc-devhelp-3.12.4-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-idle-3.12.4-150600.3.3.1.x86_64",
"product": {
"name": "python312-idle-3.12.4-150600.3.3.1.x86_64",
"product_id": "python312-idle-3.12.4-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-testsuite-3.12.4-150600.3.3.1.x86_64",
"product": {
"name": "python312-testsuite-3.12.4-150600.3.3.1.x86_64",
"product_id": "python312-testsuite-3.12.4-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-tk-3.12.4-150600.3.3.1.x86_64",
"product": {
"name": "python312-tk-3.12.4-150600.3.3.1.x86_64",
"product_id": "python312-tk-3.12.4-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-tools-3.12.4-150600.3.3.1.x86_64",
"product": {
"name": "python312-tools-3.12.4-150600.3.3.1.x86_64",
"product_id": "python312-tools-3.12.4-150600.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-3.12.4-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-3.12.4-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-3.12.4-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-3.12.4-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-base-3.12.4-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-base-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-base-3.12.4-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-base-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-base-3.12.4-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-base-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-base-3.12.4-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-base-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-curses-3.12.4-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-curses-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-curses-3.12.4-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-curses-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-curses-3.12.4-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-curses-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-curses-3.12.4-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-curses-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-dbm-3.12.4-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-dbm-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-dbm-3.12.4-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-dbm-3.12.4-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-dbm-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-dbm-3.12.4-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-dbm-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-devel-3.12.4-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-devel-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-devel-3.12.4-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-devel-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-devel-3.12.4-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-devel-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-devel-3.12.4-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-devel-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-idle-3.12.4-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-idle-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-idle-3.12.4-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-idle-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-idle-3.12.4-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-idle-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-idle-3.12.4-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-idle-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tk-3.12.4-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-tk-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tk-3.12.4-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-tk-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tk-3.12.4-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-tk-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tk-3.12.4-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-tk-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tools-3.12.4-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-tools-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tools-3.12.4-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-tools-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tools-3.12.4-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-tools-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tools-3.12.4-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-tools-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_12-1_0-32bit-3.12.4-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_12-1_0-32bit-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "libpython3_12-1_0-32bit-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-3.12.4-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-3.12.4-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-3.12.4-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-3.12.4-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-32bit-3.12.4-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-32bit-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-32bit-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-base-3.12.4-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-base-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-base-3.12.4-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-base-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-base-3.12.4-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-base-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-base-3.12.4-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-base-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-base-32bit-3.12.4-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-base-32bit-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-base-32bit-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-curses-3.12.4-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-curses-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-curses-3.12.4-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-curses-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-curses-3.12.4-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-curses-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-curses-3.12.4-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-curses-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-dbm-3.12.4-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-dbm-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-dbm-3.12.4-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-dbm-3.12.4-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-dbm-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-dbm-3.12.4-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-dbm-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-devel-3.12.4-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-devel-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-devel-3.12.4-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-devel-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-devel-3.12.4-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-devel-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-devel-3.12.4-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-devel-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-doc-3.12.4-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-doc-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-doc-3.12.4-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-doc-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-doc-3.12.4-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-doc-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-doc-3.12.4-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-doc-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-doc-devhelp-3.12.4-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-doc-devhelp-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-doc-devhelp-3.12.4-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-doc-devhelp-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-doc-devhelp-3.12.4-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-doc-devhelp-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-doc-devhelp-3.12.4-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-doc-devhelp-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-idle-3.12.4-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-idle-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-idle-3.12.4-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-idle-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-idle-3.12.4-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-idle-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-idle-3.12.4-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-idle-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-testsuite-3.12.4-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-testsuite-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-testsuite-3.12.4-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-testsuite-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-testsuite-3.12.4-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-testsuite-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-testsuite-3.12.4-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-testsuite-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tk-3.12.4-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-tk-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tk-3.12.4-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-tk-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tk-3.12.4-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-tk-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tk-3.12.4-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-tk-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tools-3.12.4-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.aarch64"
},
"product_reference": "python312-tools-3.12.4-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tools-3.12.4-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.ppc64le"
},
"product_reference": "python312-tools-3.12.4-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tools-3.12.4-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.s390x"
},
"product_reference": "python312-tools-3.12.4-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-tools-3.12.4-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.x86_64"
},
"product_reference": "python312-tools-3.12.4-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-0397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-0397"
}
],
"notes": [
{
"category": "general",
"text": "A defect was discovered in the Python \"ssl\" module where there is a memory\nrace condition with the ssl.SSLContext methods \"cert_store_stats()\" and\n\"get_ca_certs()\". The race condition can be triggered if the methods are\ncalled at the same time as certificates are loaded into the SSLContext,\nsuch as during the TLS handshake with a certificate directory configured.\nThis issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-0397",
"url": "https://www.suse.com/security/cve/CVE-2024-0397"
},
{
"category": "external",
"summary": "SUSE Bug 1226447 for CVE-2024-0397",
"url": "https://bugzilla.suse.com/1226447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-22T10:34:49Z",
"details": "moderate"
}
],
"title": "CVE-2024-0397"
},
{
"cve": "CVE-2024-4030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4030"
}
],
"notes": [
{
"category": "general",
"text": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you\u0027re not using Windows or haven\u0027t changed the temporary directory location then you aren\u0027t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \"700\" for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4030",
"url": "https://www.suse.com/security/cve/CVE-2024-4030"
},
{
"category": "external",
"summary": "SUSE Bug 1227152 for CVE-2024-4030",
"url": "https://bugzilla.suse.com/1227152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-22T10:34:49Z",
"details": "moderate"
}
],
"title": "CVE-2024-4030"
},
{
"cve": "CVE-2024-4032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4032"
}
],
"notes": [
{
"category": "general",
"text": "The \"ipaddress\" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \"globally reachable\" or \"private\". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u0027t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4032",
"url": "https://www.suse.com/security/cve/CVE-2024-4032"
},
{
"category": "external",
"summary": "SUSE Bug 1226448 for CVE-2024-4032",
"url": "https://bugzilla.suse.com/1226448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpython3_12-1_0-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpython3_12-1_0-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-base-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-base-32bit-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-curses-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-dbm-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-devel-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-doc-devhelp-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-idle-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-testsuite-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tk-3.12.4-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.s390x",
"openSUSE Leap 15.6:python312-tools-3.12.4-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-22T10:34:49Z",
"details": "low"
}
],
"title": "CVE-2024-4032"
}
]
}
suse-su-2025:20154-1
Vulnerability from csaf_suse
Published
2025-03-19 11:31
Modified
2025-03-19 11:31
Summary
Security update for python311
Notes
Title of the patch
Security update for python311
Description of the patch
This update for python311 fixes the following issues:
- Skip PGO with %want_reproducible_builds (bsc#1239210)
- CVE-2025-0938: Disallows square brackets ([ and ]) in domain names for parsed
URLs (bsc#1236705).
- Configure externally_managed with a bcond (bsc#1228165).
- Update to 3.11.11:
- Tools/Demos
- gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15
and multissltests to use 3.0.15, 3.1.7, and 3.2.3.
- Tests
- gh-125041: Re-enable skipped tests for zlib on the
s390x architecture: only skip checks of the compressed
bytes, which can be different between zlib’s software
implementation and the hardware-accelerated implementation.
- Security
- gh-126623: Upgrade libexpat to 2.6.4
- gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to
consistently use the mapped IPv4 address value for deciding
properties. Properties which have their behavior fixed are
is_multicast, is_reserved, is_link_local, is_global, and
is_unspecified.
- Library
- gh-124651: Properly quote template strings in venv
activation scripts (bsc#1232241, CVE-2024-9287).
- Remove -IVendor/ from python-config (bsc#1231795)
- CVE-2024-9287: Properly quote path names provided when creating a
virtual environment (bsc#1232241)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Update to 3.11.10:
- Security
- gh-123678: Upgrade libexpat to 2.6.3
- gh-121957: Fixed missing audit events around interactive
use of Python, now also properly firing for ``python -i``,
as well as for ``python -m asyncio``. The event in question
is ``cpython.run_stdin``.
- gh-122133: Authenticate the socket connection for the
``socket.socketpair()`` fallback on platforms where
``AF_UNIX`` is not available like Windows. Patch by
Gregory P. Smith <greg@krypto.org> and Seth Larson
<seth@python.org>. Reported by Ellie <el@horse64.org>
- gh-121285: Remove backtracking from tarfile header parsing
for ``hdrcharset``, PAX, and GNU sparse headers
(bsc#1230227, CVE-2024-6232).
- gh-118486: :func:`os.mkdir` on Windows now accepts
*mode* of ``0o700`` to restrict the new directory to
the current user. This fixes CVE-2024-4030 affecting
:func:`tempfile.mkdtemp` in scenarios where the base
temporary directory is more permissive than the default.
- gh-116741: Update bundled libexpat to 2.6.2
- Library
- gh-123270: Applied a more surgical fix for malformed
payloads in :class:`zipfile.Path` causing infinite loops
(gh-122905) without breaking contents using legitimate
characters (bsc#1229704, CVE-2024-8088).
- gh-123067: Fix quadratic complexity in parsing ``"``-quoted
cookie values with backslashes by :mod:`http.cookies`
(bsc#1229596, CVE-2024-7592).
- gh-122905: :class:`zipfile.Path` objects now sanitize names
from the zipfile.
- gh-121650: :mod:`email` headers with embedded newlines are
now quoted on output. The :mod:`~email.generator` will now
refuse to serialize (write) headers that are unsafely folded
or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`.
(Contributed by Bas Bloemsaat and Petr Viktorin in
:gh:`121650`; CVE-2024-6923, bsc#1228780).
- gh-119506: Fix :meth:`!io.TextIOWrapper.write` method
breaks internal buffer when the method is called again
during flushing internal buffer.
- gh-118643: Fix an AttributeError in the :mod:`email` module
when re-fold a long address list. Also fix more cases of
incorrect encoding of the address separator in the address
list.
- gh-113171: Fixed various false positives and false
negatives in * :attr:`ipaddress.IPv4Address.is_private`
(see these docs for details) *
:attr:`ipaddress.IPv4Address.is_global` *
:attr:`ipaddress.IPv6Address.is_private` *
:attr:`ipaddress.IPv6Address.is_global` Also in the
corresponding :class:`ipaddress.IPv4Network` and
:class:`ipaddress.IPv6Network` attributes.
Fixes bsc#1226448 (CVE-2024-4032).
- gh-102988: :func:`email.utils.getaddresses` and
:func:`email.utils.parseaddr` now return ``('', '')``
2-tuples in more situations where invalid email addresses
are encountered instead of potentially inaccurate
values. Add optional *strict* parameter to these two
functions: use ``strict=False`` to get the old behavior,
accept malformed inputs. ``getattr(email.utils,
'supports_strict_parsing', False)`` can be use to check if
the *strict* paramater is available. Patch by Thomas Dwyer
and Victor Stinner to improve the CVE-2023-27043 fix
(bsc#1210638).
- gh-67693: Fix :func:`urllib.parse.urlunparse` and
:func:`urllib.parse.urlunsplit` for URIs with path starting
with multiple slashes and no authority. Based on patch by
Ashwin Ramaswami.
- Core and Builtins
- gh-112275: A deadlock involving ``pystate.c``'s
``HEAD_LOCK`` in ``posixmodule.c`` at fork is now
fixed. Patch by ChuBoning based on previous Python 3.12 fix
by Victor Stinner.
- gh-109120: Added handle of incorrect star expressions, e.g
``f(3, *)``. Patch by Grigoryev Semyon
- CVE-2024-8088: Prevent malformed payload to cause infinite loops in
zipfile.Path (bsc#1229704).
- Make pip and modern tools install directly in /usr/local when used by the user.
(bsc#1225660).
- CVE-2024-4032: Fix rearranging definition of private v global IP addresses (bsc#1226448).
- Update to 3.11.9:
* Security
- gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
(CVE-2023-52425, bsc#1219559) by adding five new methods:
xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
xml.sax.expatreader.ExpatParser.flush()
- gh-115399: Update bundled libexpat to 2.6.0
- gh-115243: Fix possible crashes in collections.deque.index()
when the deque is concurrently modified.
- gh-114572: ssl.SSLContext.cert_store_stats() and
ssl.SSLContext.get_ca_certs() now correctly lock access to the
certificate store, when the ssl.SSLContext is shared across
multiple threads (bsc#1226447, CVE-2024-0397).
* Core and Builtins
- gh-116296: Fix possible refleak in object.__reduce__() internal
error handling.
- gh-116034: Fix location of the error on a failed assertion.
- gh-115823: Properly calculate error ranges in the parser when
raising SyntaxError exceptions caused by invalid byte sequences.
Patch by Pablo Galindo
- gh-112087: For an empty reverse iterator for list will be
reduced to reversed(). Patch by Donghee Na.
- gh-115011: Setters for members with an unsigned integer type now
support the same range of valid values for objects that has a
__index__() method as for int.
- gh-96497: Fix incorrect resolution of mangled class variables
used in assignment expressions in comprehensions.
* Library
- gh-117310: Fixed an unlikely early & extra Py_DECREF triggered
crash in ssl when creating a new _ssl._SSLContext if CPython was
built implausibly such that the default cipher list is empty or
the SSL library it was linked against reports a failure from its
C SSL_CTX_set_cipher_list() API.
- gh-117178: Fix regression in lazy loading of self-referential
modules, introduced in gh-114781.
- gh-117084: Fix zipfile extraction for directory entries with the
name containing backslashes on Windows.
- gh-117110: Fix a bug that prevents subclasses of typing.Any to
be instantiated with arguments. Patch by Chris Fu.
- gh-90872: On Windows, subprocess.Popen.wait() no longer calls
WaitForSingleObject() with a negative timeout: pass 0 ms if the
timeout is negative. Patch by Victor Stinner.
- gh-116957: configparser: Don’t leave ConfigParser values in an
invalid state (stored as a list instead of a str) after an
earlier read raised DuplicateSectionError or
DuplicateOptionError.
- gh-90095: Ignore empty lines and comments in .pdbrc
- gh-116764: Restore support of None and other false values in
urllib.parse functions parse_qs() and parse_qsl(). Also, they
now raise a TypeError for non-zero integers and non-empty
sequences.
- gh-116811: In PathFinder.invalidate_caches, delegate to
MetadataPathFinder.invalidate_caches.
- gh-116600: Fix repr() for global Flag members.
- gh-116484: Change automatically generated tkinter.Checkbutton
widget names to avoid collisions with automatically generated
tkinter.ttk.Checkbutton widget names within the same parent
widget.
- gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on
opening named pipe.
- gh-116143: Fix a race in pydoc _start_server, eliminating a
window in which _start_server can return a thread that is
“serving” but without a docserver set.
- gh-116325: typing: raise SyntaxError instead of AttributeError
on forward references as empty strings.
- gh-90535: Fix support of interval values > 1 in
logging.TimedRotatingFileHandler for when='MIDNIGHT' and
when='Wx'.
- gh-115978: Disable preadv(), readv(), pwritev(), and writev() on
WASI.
- Under wasmtime for WASI 0.2, these functions don’t pass
test_posix
(https://github.com/bytecodealliance/wasmtime/issues/7830).
- gh-88352: Fix the computation of the next rollover time in the
logging.TimedRotatingFileHandler handler. computeRollover() now
always returns a timestamp larger than the specified time and
works correctly during the DST change. doRollover() no longer
overwrite the already rolled over file, saving from data loss
when run at midnight or during repeated time at the DST change.
- gh-87115: Set __main__.__spec__ to None when running a script
with pdb
- gh-76511: Fix UnicodeEncodeError in email.Message.as_string()
that results when a message that claims to be in the ascii
character set actually has non-ascii characters. Non-ascii
characters are now replaced with the U+FFFD replacement
character, like in the replace error handler.
- gh-75988: Fixed unittest.mock.create_autospec() to pass the call
through to the wrapped object to return the real result.
- gh-115881: Fix issue where ast.parse() would incorrectly flag
conditional context managers (such as with (x() if y else z()):
...) as invalid syntax if feature_version=(3, 8) was passed.
This reverts changes to the grammar made as part of gh-94949.
- gh-115886: Fix silent truncation of the name with an embedded
null character in multiprocessing.shared_memory.SharedMemory.
- gh-115809: Improve algorithm for computing which rolled-over log
files to delete in logging.TimedRotatingFileHandler. It is now
reliable for handlers without namer and with arbitrary
deterministic namer that leaves the datetime part in the file
name unmodified.
- gh-74668: urllib.parse functions parse_qs() and parse_qsl() now
support bytes arguments containing raw and percent-encoded
non-ASCII data.
- gh-67044: csv.writer() now always quotes or escapes '\r' and
'\n', regardless of lineterminator value.
- gh-115712: csv.writer() now quotes empty fields if delimiter is
a space and skipinitialspace is true and raises exception if
quoting is not possible.
- gh-115618: Fix improper decreasing the reference count for None
argument in property methods getter(), setter() and deleter().
- gh-115570: A DeprecationWarning is no longer omitted on access
to the __doc__ attributes of the deprecated typing.io and
typing.re pseudo-modules.
- gh-112006: Fix inspect.unwrap() for types with the __wrapper__
data descriptor.
- gh-101293: Support callables with the __call__() method and
types with __new__() and __init__() methods set to class
methods, static methods, bound methods, partial functions, and
other types of methods and descriptors in
inspect.Signature.from_callable().
- gh-115392: Fix a bug in doctest where incorrect line numbers
would be reported for decorated functions.
- gh-114563: Fix several format() bugs when using the C
implementation of Decimal: * memory leak in some rare cases when
using the z format option (coerce negative 0) * incorrect output
when applying the z format option to type F (fixed-point with
capital NAN / INF) * incorrect output when applying the # format
option (alternate form)
- gh-115197: urllib.request no longer resolves the hostname before
checking it against the system’s proxy bypass list on macOS and
Windows.
- gh-115198: Fix support of Docutils >= 0.19 in distutils.
- gh-115165: Most exceptions are now ignored when attempting to
set the __orig_class__ attribute on objects returned when
calling typing generic aliases (including generic aliases
created using typing.Annotated). Previously only AttributeError
was ignored. Patch by Dave Shawley.
- gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
- gh-115059: io.BufferedRandom.read1() now flushes the underlying
write buffer.
- gh-79382: Trailing ** no longer allows to match files and
non-existing paths in recursive glob().
- gh-114763: Protect modules loaded with importlib.util.LazyLoader
from race conditions when multiple threads try to access
attributes before the loading is complete.
- gh-97959: Fix rendering class methods, bound methods, method and
function aliases in pydoc. Class methods no longer have “method
of builtins.type instance” note. Corresponding notes are now
added for class and unbound methods. Method and function aliases
now have references to the module or the class where the origin
was defined if it differs from the current. Bound methods are
now listed in the static methods section. Methods of builtin
classes are now supported as well as methods of Python classes.
- gh-112281: Allow creating union of types for typing.Annotated
with unhashable metadata.
- gh-111775: Fix importlib.resources.simple.ResourceHandle.open()
for text mode, added missed stream argument.
- gh-90095: Make .pdbrc and -c work with any valid pdb commands.
- gh-107155: Fix incorrect output of help(x) where x is a lambda
function, which has an __annotations__ dictionary attribute with
a "return" key.
- gh-105866: Fixed _get_slots bug which caused error when defining
dataclasses with slots and a weakref_slot.
- gh-60346: Fix ArgumentParser inconsistent with parse_known_args.
- gh-100985: Update HTTPSConnection to consistently wrap IPv6
Addresses when using a proxy.
- gh-100884: email: fix misfolding of comma in address-lists
over multiple lines in combination with unicode encoding
(bsc#1238450 CVE-2025-1795)
- gh-95782: Fix io.BufferedReader.tell(),
io.BufferedReader.seek(), _pyio.BufferedReader.tell(),
io.BufferedRandom.tell(), io.BufferedRandom.seek() and
_pyio.BufferedRandom.tell() being able to return negative
offsets.
- gh-96310: Fix a traceback in argparse when all options in a
mutually exclusive group are suppressed.
- gh-93205: Fixed a bug in
logging.handlers.TimedRotatingFileHandler where multiple
rotating handler instances pointing to files with the same name
but different extensions would conflict and not delete the
correct files.
- bpo-44865: Add missing call to localization function in
argparse.
- bpo-43952: Fix multiprocessing.connection.Listener.accept() to
accept empty bytes as authkey. Not accepting empty bytes as key
causes it to hang indefinitely.
- bpo-42125: linecache: get module name from __spec__ if
available. This allows getting source code for the __main__
module when a custom loader is used.
- gh-66543: Make mimetypes.guess_type() properly parsing of URLs
with only a host name, URLs containing fragment or query, and
filenames with only a UNC sharepoint on Windows. Based on patch
by Dong-hee Na.
- bpo-33775: Add ‘default’ and ‘version’ help text for
localization in argparse.
* Documentation
- gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML
vulnerabilities”.
- gh-115233: Fix an example for LoggerAdapter in the Logging
Cookbook.
* Tests
- gh-83434: Disable JUnit XML output (--junit-xml=FILE command
line option) in regrtest when hunting for reference leaks (-R
option). Patch by Victor Stinner.
- gh-117187: Fix XML tests for vanilla Expat <2.6.0.
- gh-115979: Update test_importlib so that it passes under WASI
SDK 21.
- gh-116307: Added import helper isolated_modules as CleanImport
does not remove modules imported during the context.
- gh-115720: Leak tests (-R, --huntrleaks) now show a summary of
the number of leaks found in each iteration.
- gh-115122: Add --bisect option to regrtest test runner: run
failed tests with test.bisect_cmd to identify failing tests.
Patch by Victor Stinner.
- gh-115596: Fix ProgramPriorityTests in test_os permanently
changing the process priority.
- gh-115198: Fix test_check_metadata_deprecate in distutils tests
with a newer Docutils.
* Build
- gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI
0.2/preview2 primitives.
- gh-115167: Avoid vendoring vcruntime140_threads.dll when
building with Visual Studio 2022 version 17.8.
* Windows
- gh-116773: Fix instances of <_overlapped.Overlapped object at
0xXXX> still has pending operation at deallocation, the process
may crash.
- gh-91227: Fix the asyncio ProactorEventLoop implementation so
that sending a datagram to an address that is not listening does
not prevent receiving any more datagrams.
- gh-115554: The installer now has more strict rules about
updating the Python Launcher for Windows. In general, most users
only have a single launcher installed and will see no
difference. When multiple launchers have been installed, the
option to install the launcher is disabled until all but one
have been removed. Downgrading the launcher (which was never
allowed) is now more obviously blocked.
- gh-115543: Python Launcher for Windows can now detect Python
3.13 when installed from the Microsoft Store, and will install
Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set.
- gh-115009: Update Windows installer to use SQLite 3.45.1.
* IDLE
- gh-88516: On macOS show a proxy icon in the title bar of editor
windows to match platform behaviour.
* Tools/Demos
- gh-113516: Don’t set LDSHARED when building for WASI.
* C API
- gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows
64-bit platforms.
- Add reference to CVE-2024-0450 (bsc#1221854) to changelog.
Patchnames
SUSE-SLE-Micro-6.0-253
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python311",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python311 fixes the following issues:\n\n- Skip PGO with %want_reproducible_builds (bsc#1239210)\n\n- CVE-2025-0938: Disallows square brackets ([ and ]) in domain names for parsed\n URLs (bsc#1236705).\n\n- Configure externally_managed with a bcond (bsc#1228165).\n\n- Update to 3.11.11:\n - Tools/Demos\n - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15\n and multissltests to use 3.0.15, 3.1.7, and 3.2.3.\n - Tests\n - gh-125041: Re-enable skipped tests for zlib on the\n s390x architecture: only skip checks of the compressed\n bytes, which can be different between zlib\u2019s software\n implementation and the hardware-accelerated implementation.\n - Security\n - gh-126623: Upgrade libexpat to 2.6.4\n - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to\n consistently use the mapped IPv4 address value for deciding\n properties. Properties which have their behavior fixed are\n is_multicast, is_reserved, is_link_local, is_global, and\n is_unspecified.\n - Library\n - gh-124651: Properly quote template strings in venv\n activation scripts (bsc#1232241, CVE-2024-9287).\n\n- Remove -IVendor/ from python-config (bsc#1231795)\n\n- CVE-2024-9287: Properly quote path names provided when creating a\n virtual environment (bsc#1232241)\n\n- Drop .pyc files from docdir for reproducible builds\n (bsc#1230906).\n\n- Update to 3.11.10:\n - Security\n - gh-123678: Upgrade libexpat to 2.6.3\n - gh-121957: Fixed missing audit events around interactive\n use of Python, now also properly firing for ``python -i``,\n as well as for ``python -m asyncio``. The event in question\n is ``cpython.run_stdin``.\n - gh-122133: Authenticate the socket connection for the\n ``socket.socketpair()`` fallback on platforms where\n ``AF_UNIX`` is not available like Windows. Patch by\n Gregory P. Smith \u003cgreg@krypto.org\u003e and Seth Larson\n \u003cseth@python.org\u003e. Reported by Ellie \u003cel@horse64.org\u003e\n - gh-121285: Remove backtracking from tarfile header parsing\n for ``hdrcharset``, PAX, and GNU sparse headers\n (bsc#1230227, CVE-2024-6232).\n - gh-118486: :func:`os.mkdir` on Windows now accepts\n *mode* of ``0o700`` to restrict the new directory to\n the current user. This fixes CVE-2024-4030 affecting\n :func:`tempfile.mkdtemp` in scenarios where the base\n temporary directory is more permissive than the default.\n - gh-116741: Update bundled libexpat to 2.6.2\n - Library\n - gh-123270: Applied a more surgical fix for malformed\n payloads in :class:`zipfile.Path` causing infinite loops\n (gh-122905) without breaking contents using legitimate\n characters (bsc#1229704, CVE-2024-8088).\n - gh-123067: Fix quadratic complexity in parsing ``\"``-quoted\n cookie values with backslashes by :mod:`http.cookies`\n (bsc#1229596, CVE-2024-7592).\n - gh-122905: :class:`zipfile.Path` objects now sanitize names\n from the zipfile.\n - gh-121650: :mod:`email` headers with embedded newlines are\n now quoted on output. The :mod:`~email.generator` will now\n refuse to serialize (write) headers that are unsafely folded\n or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`.\n (Contributed by Bas Bloemsaat and Petr Viktorin in\n :gh:`121650`; CVE-2024-6923, bsc#1228780).\n - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method\n breaks internal buffer when the method is called again\n during flushing internal buffer.\n - gh-118643: Fix an AttributeError in the :mod:`email` module\n when re-fold a long address list. Also fix more cases of\n incorrect encoding of the address separator in the address\n list.\n - gh-113171: Fixed various false positives and false\n negatives in * :attr:`ipaddress.IPv4Address.is_private`\n (see these docs for details) *\n :attr:`ipaddress.IPv4Address.is_global` *\n :attr:`ipaddress.IPv6Address.is_private` *\n :attr:`ipaddress.IPv6Address.is_global` Also in the\n corresponding :class:`ipaddress.IPv4Network` and\n :class:`ipaddress.IPv6Network` attributes.\n Fixes bsc#1226448 (CVE-2024-4032).\n - gh-102988: :func:`email.utils.getaddresses` and\n :func:`email.utils.parseaddr` now return ``(\u0027\u0027, \u0027\u0027)``\n 2-tuples in more situations where invalid email addresses\n are encountered instead of potentially inaccurate\n values. Add optional *strict* parameter to these two\n functions: use ``strict=False`` to get the old behavior,\n accept malformed inputs. ``getattr(email.utils,\n \u0027supports_strict_parsing\u0027, False)`` can be use to check if\n the *strict* paramater is available. Patch by Thomas Dwyer\n and Victor Stinner to improve the CVE-2023-27043 fix\n (bsc#1210638).\n - gh-67693: Fix :func:`urllib.parse.urlunparse` and\n :func:`urllib.parse.urlunsplit` for URIs with path starting\n with multiple slashes and no authority. Based on patch by\n Ashwin Ramaswami.\n - Core and Builtins\n - gh-112275: A deadlock involving ``pystate.c``\u0027s\n ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now\n fixed. Patch by ChuBoning based on previous Python 3.12 fix\n by Victor Stinner.\n - gh-109120: Added handle of incorrect star expressions, e.g\n ``f(3, *)``. Patch by Grigoryev Semyon\n\n\n- CVE-2024-8088: Prevent malformed payload to cause infinite loops in\n zipfile.Path (bsc#1229704).\n\n- Make pip and modern tools install directly in /usr/local when used by the user.\n (bsc#1225660).\n \n- CVE-2024-4032: Fix rearranging definition of private v global IP addresses (bsc#1226448).\n\n- Update to 3.11.9:\n * Security\n - gh-115398: Allow controlling Expat \u003e=2.6.0 reparse deferral\n (CVE-2023-52425, bsc#1219559) by adding five new methods:\n xml.etree.ElementTree.XMLParser.flush()\n xml.etree.ElementTree.XMLPullParser.flush()\n xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()\n xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()\n xml.sax.expatreader.ExpatParser.flush()\n - gh-115399: Update bundled libexpat to 2.6.0\n - gh-115243: Fix possible crashes in collections.deque.index()\n when the deque is concurrently modified.\n - gh-114572: ssl.SSLContext.cert_store_stats() and\n ssl.SSLContext.get_ca_certs() now correctly lock access to the\n certificate store, when the ssl.SSLContext is shared across\n multiple threads (bsc#1226447, CVE-2024-0397).\n * Core and Builtins\n - gh-116296: Fix possible refleak in object.__reduce__() internal\n error handling.\n - gh-116034: Fix location of the error on a failed assertion.\n - gh-115823: Properly calculate error ranges in the parser when\n raising SyntaxError exceptions caused by invalid byte sequences.\n Patch by Pablo Galindo\n - gh-112087: For an empty reverse iterator for list will be\n reduced to reversed(). Patch by Donghee Na.\n - gh-115011: Setters for members with an unsigned integer type now\n support the same range of valid values for objects that has a\n __index__() method as for int.\n - gh-96497: Fix incorrect resolution of mangled class variables\n used in assignment expressions in comprehensions.\n * Library\n - gh-117310: Fixed an unlikely early \u0026 extra Py_DECREF triggered\n crash in ssl when creating a new _ssl._SSLContext if CPython was\n built implausibly such that the default cipher list is empty or\n the SSL library it was linked against reports a failure from its\n C SSL_CTX_set_cipher_list() API.\n - gh-117178: Fix regression in lazy loading of self-referential\n modules, introduced in gh-114781.\n - gh-117084: Fix zipfile extraction for directory entries with the\n name containing backslashes on Windows.\n - gh-117110: Fix a bug that prevents subclasses of typing.Any to\n be instantiated with arguments. Patch by Chris Fu.\n - gh-90872: On Windows, subprocess.Popen.wait() no longer calls\n WaitForSingleObject() with a negative timeout: pass 0 ms if the\n timeout is negative. Patch by Victor Stinner.\n - gh-116957: configparser: Don\u2019t leave ConfigParser values in an\n invalid state (stored as a list instead of a str) after an\n earlier read raised DuplicateSectionError or\n DuplicateOptionError.\n - gh-90095: Ignore empty lines and comments in .pdbrc\n - gh-116764: Restore support of None and other false values in\n urllib.parse functions parse_qs() and parse_qsl(). Also, they\n now raise a TypeError for non-zero integers and non-empty\n sequences.\n - gh-116811: In PathFinder.invalidate_caches, delegate to\n MetadataPathFinder.invalidate_caches.\n - gh-116600: Fix repr() for global Flag members.\n - gh-116484: Change automatically generated tkinter.Checkbutton\n widget names to avoid collisions with automatically generated\n tkinter.ttk.Checkbutton widget names within the same parent\n widget.\n - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on\n opening named pipe.\n - gh-116143: Fix a race in pydoc _start_server, eliminating a\n window in which _start_server can return a thread that is\n \u201cserving\u201d but without a docserver set.\n - gh-116325: typing: raise SyntaxError instead of AttributeError\n on forward references as empty strings.\n - gh-90535: Fix support of interval values \u003e 1 in\n logging.TimedRotatingFileHandler for when=\u0027MIDNIGHT\u0027 and\n when=\u0027Wx\u0027.\n - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on\n WASI.\n - Under wasmtime for WASI 0.2, these functions don\u2019t pass\n test_posix\n (https://github.com/bytecodealliance/wasmtime/issues/7830).\n - gh-88352: Fix the computation of the next rollover time in the\n logging.TimedRotatingFileHandler handler. computeRollover() now\n always returns a timestamp larger than the specified time and\n works correctly during the DST change. doRollover() no longer\n overwrite the already rolled over file, saving from data loss\n when run at midnight or during repeated time at the DST change.\n - gh-87115: Set __main__.__spec__ to None when running a script\n with pdb\n - gh-76511: Fix UnicodeEncodeError in email.Message.as_string()\n that results when a message that claims to be in the ascii\n character set actually has non-ascii characters. Non-ascii\n characters are now replaced with the U+FFFD replacement\n character, like in the replace error handler.\n - gh-75988: Fixed unittest.mock.create_autospec() to pass the call\n through to the wrapped object to return the real result.\n - gh-115881: Fix issue where ast.parse() would incorrectly flag\n conditional context managers (such as with (x() if y else z()):\n ...) as invalid syntax if feature_version=(3, 8) was passed.\n This reverts changes to the grammar made as part of gh-94949.\n - gh-115886: Fix silent truncation of the name with an embedded\n null character in multiprocessing.shared_memory.SharedMemory.\n - gh-115809: Improve algorithm for computing which rolled-over log\n files to delete in logging.TimedRotatingFileHandler. It is now\n reliable for handlers without namer and with arbitrary\n deterministic namer that leaves the datetime part in the file\n name unmodified.\n - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now\n support bytes arguments containing raw and percent-encoded\n non-ASCII data.\n - gh-67044: csv.writer() now always quotes or escapes \u0027\\r\u0027 and\n \u0027\\n\u0027, regardless of lineterminator value.\n - gh-115712: csv.writer() now quotes empty fields if delimiter is\n a space and skipinitialspace is true and raises exception if\n quoting is not possible.\n - gh-115618: Fix improper decreasing the reference count for None\n argument in property methods getter(), setter() and deleter().\n - gh-115570: A DeprecationWarning is no longer omitted on access\n to the __doc__ attributes of the deprecated typing.io and\n typing.re pseudo-modules.\n - gh-112006: Fix inspect.unwrap() for types with the __wrapper__\n data descriptor.\n - gh-101293: Support callables with the __call__() method and\n types with __new__() and __init__() methods set to class\n methods, static methods, bound methods, partial functions, and\n other types of methods and descriptors in\n inspect.Signature.from_callable().\n - gh-115392: Fix a bug in doctest where incorrect line numbers\n would be reported for decorated functions.\n - gh-114563: Fix several format() bugs when using the C\n implementation of Decimal: * memory leak in some rare cases when\n using the z format option (coerce negative 0) * incorrect output\n when applying the z format option to type F (fixed-point with\n capital NAN / INF) * incorrect output when applying the # format\n option (alternate form)\n - gh-115197: urllib.request no longer resolves the hostname before\n checking it against the system\u2019s proxy bypass list on macOS and\n Windows.\n - gh-115198: Fix support of Docutils \u003e= 0.19 in distutils.\n - gh-115165: Most exceptions are now ignored when attempting to\n set the __orig_class__ attribute on objects returned when\n calling typing generic aliases (including generic aliases\n created using typing.Annotated). Previously only AttributeError\n was ignored. Patch by Dave Shawley.\n - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.\n - gh-115059: io.BufferedRandom.read1() now flushes the underlying\n write buffer.\n - gh-79382: Trailing ** no longer allows to match files and\n non-existing paths in recursive glob().\n - gh-114763: Protect modules loaded with importlib.util.LazyLoader\n from race conditions when multiple threads try to access\n attributes before the loading is complete.\n - gh-97959: Fix rendering class methods, bound methods, method and\n function aliases in pydoc. Class methods no longer have \u201cmethod\n of builtins.type instance\u201d note. Corresponding notes are now\n added for class and unbound methods. Method and function aliases\n now have references to the module or the class where the origin\n was defined if it differs from the current. Bound methods are\n now listed in the static methods section. Methods of builtin\n classes are now supported as well as methods of Python classes.\n - gh-112281: Allow creating union of types for typing.Annotated\n with unhashable metadata.\n - gh-111775: Fix importlib.resources.simple.ResourceHandle.open()\n for text mode, added missed stream argument.\n - gh-90095: Make .pdbrc and -c work with any valid pdb commands.\n - gh-107155: Fix incorrect output of help(x) where x is a lambda\n function, which has an __annotations__ dictionary attribute with\n a \"return\" key.\n - gh-105866: Fixed _get_slots bug which caused error when defining\n dataclasses with slots and a weakref_slot.\n - gh-60346: Fix ArgumentParser inconsistent with parse_known_args.\n - gh-100985: Update HTTPSConnection to consistently wrap IPv6\n Addresses when using a proxy.\n - gh-100884: email: fix misfolding of comma in address-lists\n over multiple lines in combination with unicode encoding\n (bsc#1238450 CVE-2025-1795)\n - gh-95782: Fix io.BufferedReader.tell(),\n io.BufferedReader.seek(), _pyio.BufferedReader.tell(),\n io.BufferedRandom.tell(), io.BufferedRandom.seek() and\n _pyio.BufferedRandom.tell() being able to return negative\n offsets.\n - gh-96310: Fix a traceback in argparse when all options in a\n mutually exclusive group are suppressed.\n - gh-93205: Fixed a bug in\n logging.handlers.TimedRotatingFileHandler where multiple\n rotating handler instances pointing to files with the same name\n but different extensions would conflict and not delete the\n correct files.\n - bpo-44865: Add missing call to localization function in\n argparse.\n - bpo-43952: Fix multiprocessing.connection.Listener.accept() to\n accept empty bytes as authkey. Not accepting empty bytes as key\n causes it to hang indefinitely.\n - bpo-42125: linecache: get module name from __spec__ if\n available. This allows getting source code for the __main__\n module when a custom loader is used.\n - gh-66543: Make mimetypes.guess_type() properly parsing of URLs\n with only a host name, URLs containing fragment or query, and\n filenames with only a UNC sharepoint on Windows. Based on patch\n by Dong-hee Na.\n - bpo-33775: Add \u2018default\u2019 and \u2018version\u2019 help text for\n localization in argparse.\n * Documentation\n - gh-115399: Document CVE-2023-52425 of Expat \u003c2.6.0 under \u201cXML\n vulnerabilities\u201d.\n - gh-115233: Fix an example for LoggerAdapter in the Logging\n Cookbook.\n * Tests\n - gh-83434: Disable JUnit XML output (--junit-xml=FILE command\n line option) in regrtest when hunting for reference leaks (-R\n option). Patch by Victor Stinner.\n - gh-117187: Fix XML tests for vanilla Expat \u003c2.6.0.\n - gh-115979: Update test_importlib so that it passes under WASI\n SDK 21.\n - gh-116307: Added import helper isolated_modules as CleanImport\n does not remove modules imported during the context.\n - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of\n the number of leaks found in each iteration.\n - gh-115122: Add --bisect option to regrtest test runner: run\n failed tests with test.bisect_cmd to identify failing tests.\n Patch by Victor Stinner.\n - gh-115596: Fix ProgramPriorityTests in test_os permanently\n changing the process priority.\n - gh-115198: Fix test_check_metadata_deprecate in distutils tests\n with a newer Docutils.\n * Build\n - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI\n 0.2/preview2 primitives.\n - gh-115167: Avoid vendoring vcruntime140_threads.dll when\n building with Visual Studio 2022 version 17.8.\n * Windows\n - gh-116773: Fix instances of \u003c_overlapped.Overlapped object at\n 0xXXX\u003e still has pending operation at deallocation, the process\n may crash.\n - gh-91227: Fix the asyncio ProactorEventLoop implementation so\n that sending a datagram to an address that is not listening does\n not prevent receiving any more datagrams.\n - gh-115554: The installer now has more strict rules about\n updating the Python Launcher for Windows. In general, most users\n only have a single launcher installed and will see no\n difference. When multiple launchers have been installed, the\n option to install the launcher is disabled until all but one\n have been removed. Downgrading the launcher (which was never\n allowed) is now more obviously blocked.\n - gh-115543: Python Launcher for Windows can now detect Python\n 3.13 when installed from the Microsoft Store, and will install\n Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set.\n - gh-115009: Update Windows installer to use SQLite 3.45.1.\n * IDLE\n - gh-88516: On macOS show a proxy icon in the title bar of editor\n windows to match platform behaviour.\n * Tools/Demos\n - gh-113516: Don\u2019t set LDSHARED when building for WASI.\n * C API\n - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows\n 64-bit platforms.\n\n- Add reference to CVE-2024-0450 (bsc#1221854) to changelog.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-253",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20154-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20154-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520154-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20154-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021184.html"
},
{
"category": "self",
"summary": "SUSE Bug 1174091",
"url": "https://bugzilla.suse.com/1174091"
},
{
"category": "self",
"summary": "SUSE Bug 1210638",
"url": "https://bugzilla.suse.com/1210638"
},
{
"category": "self",
"summary": "SUSE Bug 1219559",
"url": "https://bugzilla.suse.com/1219559"
},
{
"category": "self",
"summary": "SUSE Bug 1219666",
"url": "https://bugzilla.suse.com/1219666"
},
{
"category": "self",
"summary": "SUSE Bug 1221854",
"url": "https://bugzilla.suse.com/1221854"
},
{
"category": "self",
"summary": "SUSE Bug 1225660",
"url": "https://bugzilla.suse.com/1225660"
},
{
"category": "self",
"summary": "SUSE Bug 1226447",
"url": "https://bugzilla.suse.com/1226447"
},
{
"category": "self",
"summary": "SUSE Bug 1226448",
"url": "https://bugzilla.suse.com/1226448"
},
{
"category": "self",
"summary": "SUSE Bug 1227378",
"url": "https://bugzilla.suse.com/1227378"
},
{
"category": "self",
"summary": "SUSE Bug 1227999",
"url": "https://bugzilla.suse.com/1227999"
},
{
"category": "self",
"summary": "SUSE Bug 1228165",
"url": "https://bugzilla.suse.com/1228165"
},
{
"category": "self",
"summary": "SUSE Bug 1228780",
"url": "https://bugzilla.suse.com/1228780"
},
{
"category": "self",
"summary": "SUSE Bug 1229596",
"url": "https://bugzilla.suse.com/1229596"
},
{
"category": "self",
"summary": "SUSE Bug 1229704",
"url": "https://bugzilla.suse.com/1229704"
},
{
"category": "self",
"summary": "SUSE Bug 1230227",
"url": "https://bugzilla.suse.com/1230227"
},
{
"category": "self",
"summary": "SUSE Bug 1230906",
"url": "https://bugzilla.suse.com/1230906"
},
{
"category": "self",
"summary": "SUSE Bug 1231795",
"url": "https://bugzilla.suse.com/1231795"
},
{
"category": "self",
"summary": "SUSE Bug 1232241",
"url": "https://bugzilla.suse.com/1232241"
},
{
"category": "self",
"summary": "SUSE Bug 1236705",
"url": "https://bugzilla.suse.com/1236705"
},
{
"category": "self",
"summary": "SUSE Bug 1238450",
"url": "https://bugzilla.suse.com/1238450"
},
{
"category": "self",
"summary": "SUSE Bug 1239210",
"url": "https://bugzilla.suse.com/1239210"
},
{
"category": "self",
"summary": "SUSE Bug 831629",
"url": "https://bugzilla.suse.com/831629"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20907 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9947 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15523 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15523/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15801 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-25236 page",
"url": "https://www.suse.com/security/cve/CVE-2022-25236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-27043 page",
"url": "https://www.suse.com/security/cve/CVE-2023-27043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52425 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6597 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-0397 page",
"url": "https://www.suse.com/security/cve/CVE-2024-0397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-0450 page",
"url": "https://www.suse.com/security/cve/CVE-2024-0450/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4030 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4032 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6232 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6923 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-7592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-7592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-8088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-8088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-9287 page",
"url": "https://www.suse.com/security/cve/CVE-2024-9287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-0938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-0938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1795/"
}
],
"title": "Security update for python311",
"tracking": {
"current_release_date": "2025-03-19T11:31:40Z",
"generator": {
"date": "2025-03-19T11:31:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20154-1",
"initial_release_date": "2025-03-19T11:31:40Z",
"revision_history": [
{
"date": "2025-03-19T11:31:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython3_11-1_0-3.11.11-1.1.aarch64",
"product": {
"name": "libpython3_11-1_0-3.11.11-1.1.aarch64",
"product_id": "libpython3_11-1_0-3.11.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-3.11.11-1.1.aarch64",
"product": {
"name": "python311-3.11.11-1.1.aarch64",
"product_id": "python311-3.11.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-base-3.11.11-1.1.aarch64",
"product": {
"name": "python311-base-3.11.11-1.1.aarch64",
"product_id": "python311-base-3.11.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.11-1.1.aarch64",
"product": {
"name": "python311-curses-3.11.11-1.1.aarch64",
"product_id": "python311-curses-3.11.11-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_11-1_0-3.11.11-1.1.s390x",
"product": {
"name": "libpython3_11-1_0-3.11.11-1.1.s390x",
"product_id": "libpython3_11-1_0-3.11.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-3.11.11-1.1.s390x",
"product": {
"name": "python311-3.11.11-1.1.s390x",
"product_id": "python311-3.11.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-base-3.11.11-1.1.s390x",
"product": {
"name": "python311-base-3.11.11-1.1.s390x",
"product_id": "python311-base-3.11.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.11-1.1.s390x",
"product": {
"name": "python311-curses-3.11.11-1.1.s390x",
"product_id": "python311-curses-3.11.11-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_11-1_0-3.11.11-1.1.x86_64",
"product": {
"name": "libpython3_11-1_0-3.11.11-1.1.x86_64",
"product_id": "libpython3_11-1_0-3.11.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-3.11.11-1.1.x86_64",
"product": {
"name": "python311-3.11.11-1.1.x86_64",
"product_id": "python311-3.11.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-base-3.11.11-1.1.x86_64",
"product": {
"name": "python311-base-3.11.11-1.1.x86_64",
"product_id": "python311-base-3.11.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.11-1.1.x86_64",
"product": {
"name": "python311-curses-3.11.11-1.1.x86_64",
"product_id": "python311-curses-3.11.11-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_11-1_0-3.11.11-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64"
},
"product_reference": "libpython3_11-1_0-3.11.11-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_11-1_0-3.11.11-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x"
},
"product_reference": "libpython3_11-1_0-3.11.11-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_11-1_0-3.11.11-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64"
},
"product_reference": "libpython3_11-1_0-3.11.11-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.11-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64"
},
"product_reference": "python311-3.11.11-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.11-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x"
},
"product_reference": "python311-3.11.11-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.11-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64"
},
"product_reference": "python311-3.11.11-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-base-3.11.11-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64"
},
"product_reference": "python311-base-3.11.11-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-base-3.11.11-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x"
},
"product_reference": "python311-base-3.11.11-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-base-3.11.11-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64"
},
"product_reference": "python311-base-3.11.11-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-curses-3.11.11-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64"
},
"product_reference": "python311-curses-3.11.11-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-curses-3.11.11-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x"
},
"product_reference": "python311-curses-3.11.11-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-curses-3.11.11-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
},
"product_reference": "python311-curses-3.11.11-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-20907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20907"
}
],
"notes": [
{
"category": "general",
"text": "In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20907",
"url": "https://www.suse.com/security/cve/CVE-2019-20907"
},
{
"category": "external",
"summary": "SUSE Bug 1174091 for CVE-2019-20907",
"url": "https://bugzilla.suse.com/1174091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "moderate"
}
],
"title": "CVE-2019-20907"
},
{
"cve": "CVE-2019-9947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9947"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9947",
"url": "https://www.suse.com/security/cve/CVE-2019-9947"
},
{
"category": "external",
"summary": "SUSE Bug 1130840 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1130840"
},
{
"category": "external",
"summary": "SUSE Bug 1136184 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1136184"
},
{
"category": "external",
"summary": "SUSE Bug 1155094 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1155094"
},
{
"category": "external",
"summary": "SUSE Bug 1201559 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1201559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "moderate"
}
],
"title": "CVE-2019-9947"
},
{
"cve": "CVE-2020-15523",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15523"
}
],
"notes": [
{
"category": "general",
"text": "In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15523",
"url": "https://www.suse.com/security/cve/CVE-2020-15523"
},
{
"category": "external",
"summary": "SUSE Bug 1173745 for CVE-2020-15523",
"url": "https://bugzilla.suse.com/1173745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "important"
}
],
"title": "CVE-2020-15523"
},
{
"cve": "CVE-2020-15801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15801"
}
],
"notes": [
{
"category": "general",
"text": "In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The \u003cexecutable-name\u003e._pth file (e.g., the python._pth file) is not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15801",
"url": "https://www.suse.com/security/cve/CVE-2020-15801"
},
{
"category": "external",
"summary": "SUSE Bug 1174241 for CVE-2020-15801",
"url": "https://bugzilla.suse.com/1174241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "critical"
}
],
"title": "CVE-2020-15801"
},
{
"cve": "CVE-2022-25236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-25236"
}
],
"notes": [
{
"category": "general",
"text": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-25236",
"url": "https://www.suse.com/security/cve/CVE-2022-25236"
},
{
"category": "external",
"summary": "SUSE Bug 1196025 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1196025"
},
{
"category": "external",
"summary": "SUSE Bug 1196784 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1196784"
},
{
"category": "external",
"summary": "SUSE Bug 1197217 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1197217"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1201735 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1201735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "important"
}
],
"title": "CVE-2022-25236"
},
{
"cve": "CVE-2023-27043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-27043"
}
],
"notes": [
{
"category": "general",
"text": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-27043",
"url": "https://www.suse.com/security/cve/CVE-2023-27043"
},
{
"category": "external",
"summary": "SUSE Bug 1210638 for CVE-2023-27043",
"url": "https://bugzilla.suse.com/1210638"
},
{
"category": "external",
"summary": "SUSE Bug 1222537 for CVE-2023-27043",
"url": "https://bugzilla.suse.com/1222537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "moderate"
}
],
"title": "CVE-2023-27043"
},
{
"cve": "CVE-2023-52425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52425"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52425",
"url": "https://www.suse.com/security/cve/CVE-2023-52425"
},
{
"category": "external",
"summary": "SUSE Bug 1219559 for CVE-2023-52425",
"url": "https://bugzilla.suse.com/1219559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "moderate"
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-6597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6597"
}
],
"notes": [
{
"category": "general",
"text": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6597",
"url": "https://www.suse.com/security/cve/CVE-2023-6597"
},
{
"category": "external",
"summary": "SUSE Bug 1219666 for CVE-2023-6597",
"url": "https://bugzilla.suse.com/1219666"
},
{
"category": "external",
"summary": "SUSE Bug 1221854 for CVE-2023-6597",
"url": "https://bugzilla.suse.com/1221854"
},
{
"category": "external",
"summary": "SUSE Bug 1224879 for CVE-2023-6597",
"url": "https://bugzilla.suse.com/1224879"
},
{
"category": "external",
"summary": "SUSE Bug 1225185 for CVE-2023-6597",
"url": "https://bugzilla.suse.com/1225185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "important"
}
],
"title": "CVE-2023-6597"
},
{
"cve": "CVE-2024-0397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-0397"
}
],
"notes": [
{
"category": "general",
"text": "A defect was discovered in the Python \"ssl\" module where there is a memory\nrace condition with the ssl.SSLContext methods \"cert_store_stats()\" and\n\"get_ca_certs()\". The race condition can be triggered if the methods are\ncalled at the same time as certificates are loaded into the SSLContext,\nsuch as during the TLS handshake with a certificate directory configured.\nThis issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-0397",
"url": "https://www.suse.com/security/cve/CVE-2024-0397"
},
{
"category": "external",
"summary": "SUSE Bug 1226447 for CVE-2024-0397",
"url": "https://bugzilla.suse.com/1226447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "moderate"
}
],
"title": "CVE-2024-0397"
},
{
"cve": "CVE-2024-0450",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-0450"
}
],
"notes": [
{
"category": "general",
"text": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe zipfile module is vulnerable to \"quoted-overlap\" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-0450",
"url": "https://www.suse.com/security/cve/CVE-2024-0450"
},
{
"category": "external",
"summary": "SUSE Bug 1221854 for CVE-2024-0450",
"url": "https://bugzilla.suse.com/1221854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "moderate"
}
],
"title": "CVE-2024-0450"
},
{
"cve": "CVE-2024-4030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4030"
}
],
"notes": [
{
"category": "general",
"text": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you\u0027re not using Windows or haven\u0027t changed the temporary directory location then you aren\u0027t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \"700\" for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4030",
"url": "https://www.suse.com/security/cve/CVE-2024-4030"
},
{
"category": "external",
"summary": "SUSE Bug 1227152 for CVE-2024-4030",
"url": "https://bugzilla.suse.com/1227152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "moderate"
}
],
"title": "CVE-2024-4030"
},
{
"cve": "CVE-2024-4032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4032"
}
],
"notes": [
{
"category": "general",
"text": "The \"ipaddress\" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \"globally reachable\" or \"private\". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u0027t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4032",
"url": "https://www.suse.com/security/cve/CVE-2024-4032"
},
{
"category": "external",
"summary": "SUSE Bug 1226448 for CVE-2024-4032",
"url": "https://bugzilla.suse.com/1226448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "low"
}
],
"title": "CVE-2024-4032"
},
{
"cve": "CVE-2024-6232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6232"
}
],
"notes": [
{
"category": "general",
"text": "There is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6232",
"url": "https://www.suse.com/security/cve/CVE-2024-6232"
},
{
"category": "external",
"summary": "SUSE Bug 1230227 for CVE-2024-6232",
"url": "https://bugzilla.suse.com/1230227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "important"
}
],
"title": "CVE-2024-6232"
},
{
"cve": "CVE-2024-6923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6923"
}
],
"notes": [
{
"category": "general",
"text": "There is a MEDIUM severity vulnerability affecting CPython.\n\nThe \nemail module didn\u0027t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6923",
"url": "https://www.suse.com/security/cve/CVE-2024-6923"
},
{
"category": "external",
"summary": "SUSE Bug 1228780 for CVE-2024-6923",
"url": "https://bugzilla.suse.com/1228780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "important"
}
],
"title": "CVE-2024-6923"
},
{
"cve": "CVE-2024-7592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-7592"
}
],
"notes": [
{
"category": "general",
"text": "There is a LOW severity vulnerability affecting CPython, specifically the\n\u0027http.cookies\u0027 standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-7592",
"url": "https://www.suse.com/security/cve/CVE-2024-7592"
},
{
"category": "external",
"summary": "SUSE Bug 1229596 for CVE-2024-7592",
"url": "https://bugzilla.suse.com/1229596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "moderate"
}
],
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2024-8088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-8088"
}
],
"notes": [
{
"category": "general",
"text": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\"\nmodule affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected.\n\n\n\n\n\nWhen iterating over names of entries in a zip archive (for example, methods\nof \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc)\nthe process can be put into an infinite loop with a maliciously crafted\nzip archive. This defect applies when reading only metadata or extracting\nthe contents of the zip archive. Programs that are not handling\nuser-controlled zip archives are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-8088",
"url": "https://www.suse.com/security/cve/CVE-2024-8088"
},
{
"category": "external",
"summary": "SUSE Bug 1229704 for CVE-2024-8088",
"url": "https://bugzilla.suse.com/1229704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "moderate"
}
],
"title": "CVE-2024-8088"
},
{
"cve": "CVE-2024-9287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-9287"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren\u0027t activated before being used (ie \"./venv/bin/python\") are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-9287",
"url": "https://www.suse.com/security/cve/CVE-2024-9287"
},
{
"category": "external",
"summary": "SUSE Bug 1232241 for CVE-2024-9287",
"url": "https://bugzilla.suse.com/1232241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "moderate"
}
],
"title": "CVE-2024-9287"
},
{
"cve": "CVE-2025-0938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-0938"
}
],
"notes": [
{
"category": "general",
"text": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-0938",
"url": "https://www.suse.com/security/cve/CVE-2025-0938"
},
{
"category": "external",
"summary": "SUSE Bug 1236705 for CVE-2025-0938",
"url": "https://bugzilla.suse.com/1236705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "moderate"
}
],
"title": "CVE-2025-0938"
},
{
"cve": "CVE-2025-1795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1795"
}
],
"notes": [
{
"category": "general",
"text": "During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1795",
"url": "https://www.suse.com/security/cve/CVE-2025-1795"
},
{
"category": "external",
"summary": "SUSE Bug 1238450 for CVE-2025-1795",
"url": "https://bugzilla.suse.com/1238450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:libpython3_11-1_0-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-base-3.11.11-1.1.x86_64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.aarch64",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.s390x",
"SUSE Linux Micro 6.0:python311-curses-3.11.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:31:40Z",
"details": "low"
}
],
"title": "CVE-2025-1795"
}
]
}
suse-su-2025:20374-1
Vulnerability from csaf_suse
Published
2025-06-03 09:05
Modified
2025-06-03 09:05
Summary
Security update for python311
Notes
Title of the patch
Security update for python311
Description of the patch
This update for python311 fixes the following issues:
- CVE-2025-4516: Fixed blocking DecodeError handling
vulnerability, which could lead to DoS. (bsc#1243273)
Update to 3.11.12:
- gh-105704: When using urllib.parse.urlsplit() and
urllib.parse.urlparse() host parsing would not reject domain
names containing square brackets ([ and ]). Square brackets
are only valid for IPv6 and IPvFuture hosts according to RFC
3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938,
gh#python/cpython#105704).
- gh-121284: Fix bug in the folding of rfc2047 encoded-words
when flattening an email message using a modern email
policy. Previously when an encoded-word was too long for
a line, it would be decoded, split across lines, and
re-encoded. But commas and other special characters in the
original text could be left unencoded and unquoted. This
could theoretically be used to spoof header lines using a
carefully constructed encoded-word if the resulting rendered
email was transmitted or re-parsed.
- gh-80222: Fix bug in the folding of quoted strings
when flattening an email message using a modern email
policy. Previously when a quoted string was folded so that
it spanned more than one line, the surrounding quotes and
internal escapes would be omitted. This could theoretically
be used to spoof header lines using a carefully constructed
quoted string if the resulting rendered email was transmitted
or re-parsed.
- gh-119511: Fix a potential denial of service in the imaplib
module. When connecting to a malicious server, it could
cause an arbitrary amount of memory to be allocated. On many
systems this is harmless as unused virtual memory is only
a mapping, but if this hit a virtual address size limit
it could lead to a MemoryError or other process crash. On
unusual systems or builds where all allocated memory is
touched and backed by actual ram or storage it could’ve
consumed resources doing so until similarly crashing.
- gh-127257: In ssl, system call failures that OpenSSL reports
using ERR_LIB_SYS are now raised as OSError.
- gh-121277: Writers of CPython’s documentation can now use
next as the version for the versionchanged, versionadded,
deprecated directives.
- gh-106883: Disable GC during the _PyThread_CurrentFrames()
and _PyThread_CurrentExceptions() calls to avoid the
interpreter to deadlock.
- CVE-2025-0938: disallow square brackets ([ and ]) in domain names for parsed
URLs (bsc#1236705, gh#python/cpython#105704)
Update to 3.11.11:
- Tools/Demos
- gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15
and multissltests to use 3.0.15, 3.1.7, and 3.2.3.
- Security
- gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to
consistently use the mapped IPv4 address value for deciding
properties. Properties which have their behavior fixed are
is_multicast, is_reserved, is_link_local, is_global, and
is_unspecified.
- Library
- gh-124651: Properly quote template strings in venv
activation scripts (bsc#1232241, CVE-2024-9287).
- Remove -IVendor/ from python-config bsc#1231795
- CVE-2024-9287: Properly quote path names provided when creating a
virtual environment (bsc#1232241,
- Drop .pyc files from docdir for reproducible builds (bsc#1230906).
Update to 3.11.10:
- Security
- gh-121957: Fixed missing audit events around interactive
use of Python, now also properly firing for ``python -i``,
as well as for ``python -m asyncio``. The event in question
is ``cpython.run_stdin``.
- gh-122133: Authenticate the socket connection for the
``socket.socketpair()`` fallback on platforms where
``AF_UNIX`` is not available like Windows. Patch by
Gregory P. Smith <greg@krypto.org> and Seth Larson
<seth@python.org>. Reported by Ellie <el@horse64.org>
- gh-121285: Remove backtracking from tarfile header parsing
for ``hdrcharset``, PAX, and GNU sparse headers
(bsc#1230227, CVE-2024-6232).
- gh-118486: :func:`os.mkdir` on Windows now accepts
*mode* of ``0o700`` to restrict the new directory to
the current user. This fixes CVE-2024-4030 affecting
:func:`tempfile.mkdtemp` in scenarios where the base
temporary directory is more permissive than the default.
- Library
- gh-123270: Applied a more surgical fix for malformed
payloads in :class:`zipfile.Path` causing infinite loops
(gh-122905) without breaking contents using legitimate
characters (bsc#1229704, CVE-2024-8088).
- gh-123067: Fix quadratic complexity in parsing ``"``-quoted
cookie values with backslashes by :mod:`http.cookies`
(bsc#1229596, CVE-2024-7592).
- gh-122905: :class:`zipfile.Path` objects now sanitize names
from the zipfile.
- gh-121650: :mod:`email` headers with embedded newlines are
now quoted on output. The :mod:`~email.generator` will now
refuse to serialize (write) headers that are unsafely folded
or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`.
(Contributed by Bas Bloemsaat and Petr Viktorin in
:gh:`121650`; CVE-2024-6923, bsc#1228780).
- gh-119506: Fix :meth:`!io.TextIOWrapper.write` method
breaks internal buffer when the method is called again
during flushing internal buffer.
- gh-118643: Fix an AttributeError in the :mod:`email` module
when re-fold a long address list. Also fix more cases of
incorrect encoding of the address separator in the address
list.
- gh-113171: Fixed various false positives and false
negatives in * :attr:`ipaddress.IPv4Address.is_private`
(see these docs for details) *
:attr:`ipaddress.IPv4Address.is_global` *
:attr:`ipaddress.IPv6Address.is_private` *
:attr:`ipaddress.IPv6Address.is_global` Also in the
corresponding :class:`ipaddress.IPv4Network` and
:class:`ipaddress.IPv6Network` attributes.
Fixes bsc#1226448 (CVE-2024-4032).
- gh-102988: :func:`email.utils.getaddresses` and
:func:`email.utils.parseaddr` now return ``('', '')``
2-tuples in more situations where invalid email addresses
are encountered instead of potentially inaccurate
values. Add optional *strict* parameter to these two
functions: use ``strict=False`` to get the old behavior,
accept malformed inputs. ``getattr(email.utils,
'supports_strict_parsing', False)`` can be use to check if
the *strict* paramater is available. Patch by Thomas Dwyer
and Victor Stinner to improve the CVE-2023-27043 fix
(bsc#1210638).
- gh-67693: Fix :func:`urllib.parse.urlunparse` and
:func:`urllib.parse.urlunsplit` for URIs with path starting
with multiple slashes and no authority. Based on patch by
Ashwin Ramaswami.
- Core and Builtins
- gh-112275: A deadlock involving ``pystate.c``'s
``HEAD_LOCK`` in ``posixmodule.c`` at fork is now
fixed. Patch by ChuBoning based on previous Python 3.12 fix
by Victor Stinner.
- gh-109120: Added handle of incorrect star expressions, e.g
``f(3, *)``. Patch by Grigoryev Semyon
- CVE-2024-8088: Prevent malformed payload to cause infinite loops in
zipfile.Path (bsc#1229704)
- Make pip and modern tools install directly in /usr/local when used by
the user. (bsc#1225660)
- CVE-2024-4032: Fix rearranging definition of private v global IP
addresses. (bsc#1226448)
Update to 3.11.9:
* Security
- gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
(CVE-2023-52425, bsc#1219559) by adding five new methods:
xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
xml.sax.expatreader.ExpatParser.flush()
- gh-115399: Update bundled libexpat to 2.6.0
- gh-115243: Fix possible crashes in collections.deque.index()
when the deque is concurrently modified.
- gh-114572: ssl.SSLContext.cert_store_stats() and
ssl.SSLContext.get_ca_certs() now correctly lock access to the
certificate store, when the ssl.SSLContext is shared across
multiple threads (bsc#1226447, CVE-2024-0397).
* Core and Builtins
- gh-116296: Fix possible refleak in object.__reduce__() internal
error handling.
- gh-116034: Fix location of the error on a failed assertion.
- gh-115823: Properly calculate error ranges in the parser when
raising SyntaxError exceptions caused by invalid byte sequences.
Patch by Pablo Galindo
- gh-112087: For an empty reverse iterator for list will be
reduced to reversed(). Patch by Donghee Na.
- gh-115011: Setters for members with an unsigned integer type now
support the same range of valid values for objects that has a
__index__() method as for int.
- gh-96497: Fix incorrect resolution of mangled class variables
used in assignment expressions in comprehensions.
* Library
- gh-117310: Fixed an unlikely early & extra Py_DECREF triggered
crash in ssl when creating a new _ssl._SSLContext if CPython was
built implausibly such that the default cipher list is empty or
the SSL library it was linked against reports a failure from its
C SSL_CTX_set_cipher_list() API.
- gh-117178: Fix regression in lazy loading of self-referential
modules, introduced in gh-114781.
- gh-117084: Fix zipfile extraction for directory entries with the
name containing backslashes on Windows.
- gh-117110: Fix a bug that prevents subclasses of typing.Any to
be instantiated with arguments. Patch by Chris Fu.
- gh-90872: On Windows, subprocess.Popen.wait() no longer calls
WaitForSingleObject() with a negative timeout: pass 0 ms if the
timeout is negative. Patch by Victor Stinner.
- gh-116957: configparser: Don’t leave ConfigParser values in an
invalid state (stored as a list instead of a str) after an
earlier read raised DuplicateSectionError or
DuplicateOptionError.
- gh-90095: Ignore empty lines and comments in .pdbrc
- gh-116764: Restore support of None and other false values in
urllib.parse functions parse_qs() and parse_qsl(). Also, they
now raise a TypeError for non-zero integers and non-empty
sequences.
- gh-116811: In PathFinder.invalidate_caches, delegate to
MetadataPathFinder.invalidate_caches.
- gh-116600: Fix repr() for global Flag members.
- gh-116484: Change automatically generated tkinter.Checkbutton
widget names to avoid collisions with automatically generated
tkinter.ttk.Checkbutton widget names within the same parent
widget.
- gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on
opening named pipe.
- gh-116143: Fix a race in pydoc _start_server, eliminating a
window in which _start_server can return a thread that is
“serving” but without a docserver set.
- gh-116325: typing: raise SyntaxError instead of AttributeError
on forward references as empty strings.
- gh-90535: Fix support of interval values > 1 in
logging.TimedRotatingFileHandler for when='MIDNIGHT' and
when='Wx'.
- gh-115978: Disable preadv(), readv(), pwritev(), and writev() on
WASI.
- Under wasmtime for WASI 0.2, these functions don’t pass
test_posix
(https://github.com/bytecodealliance/wasmtime/issues/7830).
- gh-88352: Fix the computation of the next rollover time in the
logging.TimedRotatingFileHandler handler. computeRollover() now
always returns a timestamp larger than the specified time and
works correctly during the DST change. doRollover() no longer
overwrite the already rolled over file, saving from data loss
when run at midnight or during repeated time at the DST change.
- gh-87115: Set __main__.__spec__ to None when running a script
with pdb
- gh-76511: Fix UnicodeEncodeError in email.Message.as_string()
that results when a message that claims to be in the ascii
character set actually has non-ascii characters. Non-ascii
characters are now replaced with the U+FFFD replacement
character, like in the replace error handler.
- gh-75988: Fixed unittest.mock.create_autospec() to pass the call
through to the wrapped object to return the real result.
- gh-115881: Fix issue where ast.parse() would incorrectly flag
conditional context managers (such as with (x() if y else z()):
...) as invalid syntax if feature_version=(3, 8) was passed.
This reverts changes to the grammar made as part of gh-94949.
- gh-115886: Fix silent truncation of the name with an embedded
null character in multiprocessing.shared_memory.SharedMemory.
- gh-115809: Improve algorithm for computing which rolled-over log
files to delete in logging.TimedRotatingFileHandler. It is now
reliable for handlers without namer and with arbitrary
deterministic namer that leaves the datetime part in the file
name unmodified.
- gh-74668: urllib.parse functions parse_qs() and parse_qsl() now
support bytes arguments containing raw and percent-encoded
non-ASCII data.
- gh-67044: csv.writer() now always quotes or escapes '\r' and
'\n', regardless of lineterminator value.
- gh-115712: csv.writer() now quotes empty fields if delimiter is
a space and skipinitialspace is true and raises exception if
quoting is not possible.
- gh-115618: Fix improper decreasing the reference count for None
argument in property methods getter(), setter() and deleter().
- gh-115570: A DeprecationWarning is no longer omitted on access
to the __doc__ attributes of the deprecated typing.io and
typing.re pseudo-modules.
- gh-112006: Fix inspect.unwrap() for types with the __wrapper__
data descriptor.
- gh-101293: Support callables with the __call__() method and
types with __new__() and __init__() methods set to class
methods, static methods, bound methods, partial functions, and
other types of methods and descriptors in
inspect.Signature.from_callable().
- gh-115392: Fix a bug in doctest where incorrect line numbers
would be reported for decorated functions.
- gh-114563: Fix several format() bugs when using the C
implementation of Decimal: * memory leak in some rare cases when
using the z format option (coerce negative 0) * incorrect output
when applying the z format option to type F (fixed-point with
capital NAN / INF) * incorrect output when applying the # format
option (alternate form)
- gh-115197: urllib.request no longer resolves the hostname before
checking it against the system’s proxy bypass list on macOS and
Windows.
- gh-115198: Fix support of Docutils >= 0.19 in distutils.
- gh-115165: Most exceptions are now ignored when attempting to
set the __orig_class__ attribute on objects returned when
calling typing generic aliases (including generic aliases
created using typing.Annotated). Previously only AttributeError
was ignored. Patch by Dave Shawley.
- gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
- gh-115059: io.BufferedRandom.read1() now flushes the underlying
write buffer.
- gh-79382: Trailing ** no longer allows to match files and
non-existing paths in recursive glob().
- gh-114763: Protect modules loaded with importlib.util.LazyLoader
from race conditions when multiple threads try to access
attributes before the loading is complete.
- gh-97959: Fix rendering class methods, bound methods, method and
function aliases in pydoc. Class methods no longer have “method
of builtins.type instance” note. Corresponding notes are now
added for class and unbound methods. Method and function aliases
now have references to the module or the class where the origin
was defined if it differs from the current. Bound methods are
now listed in the static methods section. Methods of builtin
classes are now supported as well as methods of Python classes.
- gh-112281: Allow creating union of types for typing.Annotated
with unhashable metadata.
- gh-111775: Fix importlib.resources.simple.ResourceHandle.open()
for text mode, added missed stream argument.
- gh-90095: Make .pdbrc and -c work with any valid pdb commands.
- gh-107155: Fix incorrect output of help(x) where x is a lambda
function, which has an __annotations__ dictionary attribute with
a "return" key.
- gh-105866: Fixed _get_slots bug which caused error when defining
dataclasses with slots and a weakref_slot.
- gh-60346: Fix ArgumentParser inconsistent with parse_known_args.
- gh-100985: Update HTTPSConnection to consistently wrap IPv6
Addresses when using a proxy.
- gh-100884: email: fix misfolding of comma in address-lists
over multiple lines in combination with unicode encoding
(bsc#1238450 CVE-2025-1795)
- gh-95782: Fix io.BufferedReader.tell(),
io.BufferedReader.seek(), _pyio.BufferedReader.tell(),
io.BufferedRandom.tell(), io.BufferedRandom.seek() and
_pyio.BufferedRandom.tell() being able to return negative
offsets.
- gh-96310: Fix a traceback in argparse when all options in a
mutually exclusive group are suppressed.
- gh-93205: Fixed a bug in
logging.handlers.TimedRotatingFileHandler where multiple
rotating handler instances pointing to files with the same name
but different extensions would conflict and not delete the
correct files.
- bpo-44865: Add missing call to localization function in
argparse.
- bpo-43952: Fix multiprocessing.connection.Listener.accept() to
accept empty bytes as authkey. Not accepting empty bytes as key
causes it to hang indefinitely.
- bpo-42125: linecache: get module name from __spec__ if
available. This allows getting source code for the __main__
module when a custom loader is used.
- gh-66543: Make mimetypes.guess_type() properly parsing of URLs
with only a host name, URLs containing fragment or query, and
filenames with only a UNC sharepoint on Windows. Based on patch
by Dong-hee Na.
- bpo-33775: Add ‘default’ and ‘version’ help text for
localization in argparse.
* Documentation
- gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML
vulnerabilities”.
- gh-115233: Fix an example for LoggerAdapter in the Logging
Cookbook.
* IDLE
- gh-88516: On macOS show a proxy icon in the title bar of editor
windows to match platform behaviour.
* Tools/Demos
- gh-113516: Don’t set LDSHARED when building for WASI.
* C API
- gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows
64-bit platforms.
- Add reference to CVE-2024-0450 (bsc#1221854) to changelog.
Patchnames
SUSE-SLE-Micro-6.1-128
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python311",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python311 fixes the following issues:\n\n- CVE-2025-4516: Fixed blocking DecodeError handling\n vulnerability, which could lead to DoS. (bsc#1243273) \n\nUpdate to 3.11.12:\n\n - gh-105704: When using urllib.parse.urlsplit() and\n urllib.parse.urlparse() host parsing would not reject domain\n names containing square brackets ([ and ]). Square brackets\n are only valid for IPv6 and IPvFuture hosts according to RFC\n 3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938,\n gh#python/cpython#105704).\n - gh-121284: Fix bug in the folding of rfc2047 encoded-words\n when flattening an email message using a modern email\n policy. Previously when an encoded-word was too long for\n a line, it would be decoded, split across lines, and\n re-encoded. But commas and other special characters in the\n original text could be left unencoded and unquoted. This\n could theoretically be used to spoof header lines using a\n carefully constructed encoded-word if the resulting rendered\n email was transmitted or re-parsed.\n - gh-80222: Fix bug in the folding of quoted strings\n when flattening an email message using a modern email\n policy. Previously when a quoted string was folded so that\n it spanned more than one line, the surrounding quotes and\n internal escapes would be omitted. This could theoretically\n be used to spoof header lines using a carefully constructed\n quoted string if the resulting rendered email was transmitted\n or re-parsed.\n - gh-119511: Fix a potential denial of service in the imaplib\n module. When connecting to a malicious server, it could\n cause an arbitrary amount of memory to be allocated. On many\n systems this is harmless as unused virtual memory is only\n a mapping, but if this hit a virtual address size limit\n it could lead to a MemoryError or other process crash. On\n unusual systems or builds where all allocated memory is\n touched and backed by actual ram or storage it could\u2019ve\n consumed resources doing so until similarly crashing.\n - gh-127257: In ssl, system call failures that OpenSSL reports\n using ERR_LIB_SYS are now raised as OSError.\n - gh-121277: Writers of CPython\u2019s documentation can now use\n next as the version for the versionchanged, versionadded,\n deprecated directives.\n - gh-106883: Disable GC during the _PyThread_CurrentFrames()\n and _PyThread_CurrentExceptions() calls to avoid the\n interpreter to deadlock.\n\n- CVE-2025-0938: disallow square brackets ([ and ]) in domain names for parsed\n URLs (bsc#1236705, gh#python/cpython#105704)\n\nUpdate to 3.11.11:\n\n - Tools/Demos\n\n - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15\n and multissltests to use 3.0.15, 3.1.7, and 3.2.3.\n\n - Security\n\n - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to\n consistently use the mapped IPv4 address value for deciding\n properties. Properties which have their behavior fixed are\n is_multicast, is_reserved, is_link_local, is_global, and\n is_unspecified.\n\n - Library\n\n - gh-124651: Properly quote template strings in venv\n activation scripts (bsc#1232241, CVE-2024-9287).\n\n- Remove -IVendor/ from python-config bsc#1231795\n\n- CVE-2024-9287: Properly quote path names provided when creating a\n virtual environment (bsc#1232241,\n\n- Drop .pyc files from docdir for reproducible builds (bsc#1230906).\n\nUpdate to 3.11.10:\n\n - Security\n\n - gh-121957: Fixed missing audit events around interactive\n use of Python, now also properly firing for ``python -i``,\n as well as for ``python -m asyncio``. The event in question\n is ``cpython.run_stdin``.\n - gh-122133: Authenticate the socket connection for the\n ``socket.socketpair()`` fallback on platforms where\n ``AF_UNIX`` is not available like Windows. Patch by\n Gregory P. Smith \u003cgreg@krypto.org\u003e and Seth Larson\n \u003cseth@python.org\u003e. Reported by Ellie \u003cel@horse64.org\u003e\n - gh-121285: Remove backtracking from tarfile header parsing\n for ``hdrcharset``, PAX, and GNU sparse headers\n (bsc#1230227, CVE-2024-6232).\n - gh-118486: :func:`os.mkdir` on Windows now accepts\n *mode* of ``0o700`` to restrict the new directory to\n the current user. This fixes CVE-2024-4030 affecting\n :func:`tempfile.mkdtemp` in scenarios where the base\n temporary directory is more permissive than the default.\n\n - Library\n\n - gh-123270: Applied a more surgical fix for malformed\n payloads in :class:`zipfile.Path` causing infinite loops\n (gh-122905) without breaking contents using legitimate\n characters (bsc#1229704, CVE-2024-8088).\n - gh-123067: Fix quadratic complexity in parsing ``\"``-quoted\n cookie values with backslashes by :mod:`http.cookies`\n (bsc#1229596, CVE-2024-7592).\n - gh-122905: :class:`zipfile.Path` objects now sanitize names\n from the zipfile.\n - gh-121650: :mod:`email` headers with embedded newlines are\n now quoted on output. The :mod:`~email.generator` will now\n refuse to serialize (write) headers that are unsafely folded\n or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`.\n (Contributed by Bas Bloemsaat and Petr Viktorin in\n :gh:`121650`; CVE-2024-6923, bsc#1228780).\n - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method\n breaks internal buffer when the method is called again\n during flushing internal buffer.\n - gh-118643: Fix an AttributeError in the :mod:`email` module\n when re-fold a long address list. Also fix more cases of\n incorrect encoding of the address separator in the address\n list.\n - gh-113171: Fixed various false positives and false\n negatives in * :attr:`ipaddress.IPv4Address.is_private`\n (see these docs for details) *\n :attr:`ipaddress.IPv4Address.is_global` *\n :attr:`ipaddress.IPv6Address.is_private` *\n :attr:`ipaddress.IPv6Address.is_global` Also in the\n corresponding :class:`ipaddress.IPv4Network` and\n :class:`ipaddress.IPv6Network` attributes.\n Fixes bsc#1226448 (CVE-2024-4032).\n - gh-102988: :func:`email.utils.getaddresses` and\n :func:`email.utils.parseaddr` now return ``(\u0027\u0027, \u0027\u0027)``\n 2-tuples in more situations where invalid email addresses\n are encountered instead of potentially inaccurate\n values. Add optional *strict* parameter to these two\n functions: use ``strict=False`` to get the old behavior,\n accept malformed inputs. ``getattr(email.utils,\n \u0027supports_strict_parsing\u0027, False)`` can be use to check if\n the *strict* paramater is available. Patch by Thomas Dwyer\n and Victor Stinner to improve the CVE-2023-27043 fix\n (bsc#1210638).\n - gh-67693: Fix :func:`urllib.parse.urlunparse` and\n :func:`urllib.parse.urlunsplit` for URIs with path starting\n with multiple slashes and no authority. Based on patch by\n Ashwin Ramaswami.\n\n - Core and Builtins\n\n - gh-112275: A deadlock involving ``pystate.c``\u0027s\n ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now\n fixed. Patch by ChuBoning based on previous Python 3.12 fix\n by Victor Stinner.\n - gh-109120: Added handle of incorrect star expressions, e.g\n ``f(3, *)``. Patch by Grigoryev Semyon\n\n- CVE-2024-8088: Prevent malformed payload to cause infinite loops in\n zipfile.Path (bsc#1229704)\n\n- Make pip and modern tools install directly in /usr/local when used by\n the user. (bsc#1225660)\n\n- CVE-2024-4032: Fix rearranging definition of private v global IP\n addresses. (bsc#1226448)\n\nUpdate to 3.11.9:\n\n * Security\n\n - gh-115398: Allow controlling Expat \u003e=2.6.0 reparse deferral\n (CVE-2023-52425, bsc#1219559) by adding five new methods:\n xml.etree.ElementTree.XMLParser.flush()\n xml.etree.ElementTree.XMLPullParser.flush()\n xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()\n xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()\n xml.sax.expatreader.ExpatParser.flush()\n - gh-115399: Update bundled libexpat to 2.6.0\n - gh-115243: Fix possible crashes in collections.deque.index()\n when the deque is concurrently modified.\n - gh-114572: ssl.SSLContext.cert_store_stats() and\n ssl.SSLContext.get_ca_certs() now correctly lock access to the\n certificate store, when the ssl.SSLContext is shared across\n multiple threads (bsc#1226447, CVE-2024-0397).\n\n * Core and Builtins\n\n - gh-116296: Fix possible refleak in object.__reduce__() internal\n error handling.\n - gh-116034: Fix location of the error on a failed assertion.\n - gh-115823: Properly calculate error ranges in the parser when\n raising SyntaxError exceptions caused by invalid byte sequences.\n Patch by Pablo Galindo\n - gh-112087: For an empty reverse iterator for list will be\n reduced to reversed(). Patch by Donghee Na.\n - gh-115011: Setters for members with an unsigned integer type now\n support the same range of valid values for objects that has a\n __index__() method as for int.\n - gh-96497: Fix incorrect resolution of mangled class variables\n used in assignment expressions in comprehensions.\n\n * Library\n\n - gh-117310: Fixed an unlikely early \u0026 extra Py_DECREF triggered\n crash in ssl when creating a new _ssl._SSLContext if CPython was\n built implausibly such that the default cipher list is empty or\n the SSL library it was linked against reports a failure from its\n C SSL_CTX_set_cipher_list() API.\n - gh-117178: Fix regression in lazy loading of self-referential\n modules, introduced in gh-114781.\n - gh-117084: Fix zipfile extraction for directory entries with the\n name containing backslashes on Windows.\n - gh-117110: Fix a bug that prevents subclasses of typing.Any to\n be instantiated with arguments. Patch by Chris Fu.\n - gh-90872: On Windows, subprocess.Popen.wait() no longer calls\n WaitForSingleObject() with a negative timeout: pass 0 ms if the\n timeout is negative. Patch by Victor Stinner.\n - gh-116957: configparser: Don\u2019t leave ConfigParser values in an\n invalid state (stored as a list instead of a str) after an\n earlier read raised DuplicateSectionError or\n DuplicateOptionError.\n - gh-90095: Ignore empty lines and comments in .pdbrc\n - gh-116764: Restore support of None and other false values in\n urllib.parse functions parse_qs() and parse_qsl(). Also, they\n now raise a TypeError for non-zero integers and non-empty\n sequences.\n - gh-116811: In PathFinder.invalidate_caches, delegate to\n MetadataPathFinder.invalidate_caches.\n - gh-116600: Fix repr() for global Flag members.\n - gh-116484: Change automatically generated tkinter.Checkbutton\n widget names to avoid collisions with automatically generated\n tkinter.ttk.Checkbutton widget names within the same parent\n widget.\n - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on\n opening named pipe.\n - gh-116143: Fix a race in pydoc _start_server, eliminating a\n window in which _start_server can return a thread that is\n \u201cserving\u201d but without a docserver set.\n - gh-116325: typing: raise SyntaxError instead of AttributeError\n on forward references as empty strings.\n - gh-90535: Fix support of interval values \u003e 1 in\n logging.TimedRotatingFileHandler for when=\u0027MIDNIGHT\u0027 and\n when=\u0027Wx\u0027.\n - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on\n WASI.\n - Under wasmtime for WASI 0.2, these functions don\u2019t pass\n test_posix\n (https://github.com/bytecodealliance/wasmtime/issues/7830).\n - gh-88352: Fix the computation of the next rollover time in the\n logging.TimedRotatingFileHandler handler. computeRollover() now\n always returns a timestamp larger than the specified time and\n works correctly during the DST change. doRollover() no longer\n overwrite the already rolled over file, saving from data loss\n when run at midnight or during repeated time at the DST change.\n - gh-87115: Set __main__.__spec__ to None when running a script\n with pdb\n - gh-76511: Fix UnicodeEncodeError in email.Message.as_string()\n that results when a message that claims to be in the ascii\n character set actually has non-ascii characters. Non-ascii\n characters are now replaced with the U+FFFD replacement\n character, like in the replace error handler.\n - gh-75988: Fixed unittest.mock.create_autospec() to pass the call\n through to the wrapped object to return the real result.\n - gh-115881: Fix issue where ast.parse() would incorrectly flag\n conditional context managers (such as with (x() if y else z()):\n ...) as invalid syntax if feature_version=(3, 8) was passed.\n This reverts changes to the grammar made as part of gh-94949.\n - gh-115886: Fix silent truncation of the name with an embedded\n null character in multiprocessing.shared_memory.SharedMemory.\n - gh-115809: Improve algorithm for computing which rolled-over log\n files to delete in logging.TimedRotatingFileHandler. It is now\n reliable for handlers without namer and with arbitrary\n deterministic namer that leaves the datetime part in the file\n name unmodified.\n - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now\n support bytes arguments containing raw and percent-encoded\n non-ASCII data.\n - gh-67044: csv.writer() now always quotes or escapes \u0027\\r\u0027 and\n \u0027\\n\u0027, regardless of lineterminator value.\n - gh-115712: csv.writer() now quotes empty fields if delimiter is\n a space and skipinitialspace is true and raises exception if\n quoting is not possible.\n - gh-115618: Fix improper decreasing the reference count for None\n argument in property methods getter(), setter() and deleter().\n - gh-115570: A DeprecationWarning is no longer omitted on access\n to the __doc__ attributes of the deprecated typing.io and\n typing.re pseudo-modules.\n - gh-112006: Fix inspect.unwrap() for types with the __wrapper__\n data descriptor.\n - gh-101293: Support callables with the __call__() method and\n types with __new__() and __init__() methods set to class\n methods, static methods, bound methods, partial functions, and\n other types of methods and descriptors in\n inspect.Signature.from_callable().\n - gh-115392: Fix a bug in doctest where incorrect line numbers\n would be reported for decorated functions.\n - gh-114563: Fix several format() bugs when using the C\n implementation of Decimal: * memory leak in some rare cases when\n using the z format option (coerce negative 0) * incorrect output\n when applying the z format option to type F (fixed-point with\n capital NAN / INF) * incorrect output when applying the # format\n option (alternate form)\n - gh-115197: urllib.request no longer resolves the hostname before\n checking it against the system\u2019s proxy bypass list on macOS and\n Windows.\n - gh-115198: Fix support of Docutils \u003e= 0.19 in distutils.\n - gh-115165: Most exceptions are now ignored when attempting to\n set the __orig_class__ attribute on objects returned when\n calling typing generic aliases (including generic aliases\n created using typing.Annotated). Previously only AttributeError\n was ignored. Patch by Dave Shawley.\n - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.\n - gh-115059: io.BufferedRandom.read1() now flushes the underlying\n write buffer.\n - gh-79382: Trailing ** no longer allows to match files and\n non-existing paths in recursive glob().\n - gh-114763: Protect modules loaded with importlib.util.LazyLoader\n from race conditions when multiple threads try to access\n attributes before the loading is complete.\n - gh-97959: Fix rendering class methods, bound methods, method and\n function aliases in pydoc. Class methods no longer have \u201cmethod\n of builtins.type instance\u201d note. Corresponding notes are now\n added for class and unbound methods. Method and function aliases\n now have references to the module or the class where the origin\n was defined if it differs from the current. Bound methods are\n now listed in the static methods section. Methods of builtin\n classes are now supported as well as methods of Python classes.\n - gh-112281: Allow creating union of types for typing.Annotated\n with unhashable metadata.\n - gh-111775: Fix importlib.resources.simple.ResourceHandle.open()\n for text mode, added missed stream argument.\n - gh-90095: Make .pdbrc and -c work with any valid pdb commands.\n - gh-107155: Fix incorrect output of help(x) where x is a lambda\n function, which has an __annotations__ dictionary attribute with\n a \"return\" key.\n - gh-105866: Fixed _get_slots bug which caused error when defining\n dataclasses with slots and a weakref_slot.\n - gh-60346: Fix ArgumentParser inconsistent with parse_known_args.\n - gh-100985: Update HTTPSConnection to consistently wrap IPv6\n Addresses when using a proxy.\n - gh-100884: email: fix misfolding of comma in address-lists\n over multiple lines in combination with unicode encoding\n (bsc#1238450 CVE-2025-1795)\n - gh-95782: Fix io.BufferedReader.tell(),\n io.BufferedReader.seek(), _pyio.BufferedReader.tell(),\n io.BufferedRandom.tell(), io.BufferedRandom.seek() and\n _pyio.BufferedRandom.tell() being able to return negative\n offsets.\n - gh-96310: Fix a traceback in argparse when all options in a\n mutually exclusive group are suppressed.\n - gh-93205: Fixed a bug in\n logging.handlers.TimedRotatingFileHandler where multiple\n rotating handler instances pointing to files with the same name\n but different extensions would conflict and not delete the\n correct files.\n - bpo-44865: Add missing call to localization function in\n argparse.\n - bpo-43952: Fix multiprocessing.connection.Listener.accept() to\n accept empty bytes as authkey. Not accepting empty bytes as key\n causes it to hang indefinitely.\n - bpo-42125: linecache: get module name from __spec__ if\n available. This allows getting source code for the __main__\n module when a custom loader is used.\n - gh-66543: Make mimetypes.guess_type() properly parsing of URLs\n with only a host name, URLs containing fragment or query, and\n filenames with only a UNC sharepoint on Windows. Based on patch\n by Dong-hee Na.\n - bpo-33775: Add \u2018default\u2019 and \u2018version\u2019 help text for\n localization in argparse.\n\n * Documentation\n\n - gh-115399: Document CVE-2023-52425 of Expat \u003c2.6.0 under \u201cXML\n vulnerabilities\u201d.\n - gh-115233: Fix an example for LoggerAdapter in the Logging\n Cookbook.\n\n * IDLE\n\n - gh-88516: On macOS show a proxy icon in the title bar of editor\n windows to match platform behaviour.\n\n * Tools/Demos\n\n - gh-113516: Don\u2019t set LDSHARED when building for WASI.\n\n * C API\n\n - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows\n 64-bit platforms.\n\n- Add reference to CVE-2024-0450 (bsc#1221854) to changelog.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-128",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20374-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20374-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520374-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20374-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040141.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210638",
"url": "https://bugzilla.suse.com/1210638"
},
{
"category": "self",
"summary": "SUSE Bug 1219559",
"url": "https://bugzilla.suse.com/1219559"
},
{
"category": "self",
"summary": "SUSE Bug 1219666",
"url": "https://bugzilla.suse.com/1219666"
},
{
"category": "self",
"summary": "SUSE Bug 1221854",
"url": "https://bugzilla.suse.com/1221854"
},
{
"category": "self",
"summary": "SUSE Bug 1225660",
"url": "https://bugzilla.suse.com/1225660"
},
{
"category": "self",
"summary": "SUSE Bug 1226447",
"url": "https://bugzilla.suse.com/1226447"
},
{
"category": "self",
"summary": "SUSE Bug 1226448",
"url": "https://bugzilla.suse.com/1226448"
},
{
"category": "self",
"summary": "SUSE Bug 1227378",
"url": "https://bugzilla.suse.com/1227378"
},
{
"category": "self",
"summary": "SUSE Bug 1227999",
"url": "https://bugzilla.suse.com/1227999"
},
{
"category": "self",
"summary": "SUSE Bug 1228165",
"url": "https://bugzilla.suse.com/1228165"
},
{
"category": "self",
"summary": "SUSE Bug 1228780",
"url": "https://bugzilla.suse.com/1228780"
},
{
"category": "self",
"summary": "SUSE Bug 1229596",
"url": "https://bugzilla.suse.com/1229596"
},
{
"category": "self",
"summary": "SUSE Bug 1229704",
"url": "https://bugzilla.suse.com/1229704"
},
{
"category": "self",
"summary": "SUSE Bug 1230227",
"url": "https://bugzilla.suse.com/1230227"
},
{
"category": "self",
"summary": "SUSE Bug 1230906",
"url": "https://bugzilla.suse.com/1230906"
},
{
"category": "self",
"summary": "SUSE Bug 1231795",
"url": "https://bugzilla.suse.com/1231795"
},
{
"category": "self",
"summary": "SUSE Bug 1232241",
"url": "https://bugzilla.suse.com/1232241"
},
{
"category": "self",
"summary": "SUSE Bug 1236705",
"url": "https://bugzilla.suse.com/1236705"
},
{
"category": "self",
"summary": "SUSE Bug 1238450",
"url": "https://bugzilla.suse.com/1238450"
},
{
"category": "self",
"summary": "SUSE Bug 1239210",
"url": "https://bugzilla.suse.com/1239210"
},
{
"category": "self",
"summary": "SUSE Bug 1241067",
"url": "https://bugzilla.suse.com/1241067"
},
{
"category": "self",
"summary": "SUSE Bug 1243273",
"url": "https://bugzilla.suse.com/1243273"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-25236 page",
"url": "https://www.suse.com/security/cve/CVE-2022-25236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-27043 page",
"url": "https://www.suse.com/security/cve/CVE-2023-27043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52425 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6597 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-0397 page",
"url": "https://www.suse.com/security/cve/CVE-2024-0397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-0450 page",
"url": "https://www.suse.com/security/cve/CVE-2024-0450/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4030 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4032 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6232 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6923 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-7592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-7592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-8088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-8088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-9287 page",
"url": "https://www.suse.com/security/cve/CVE-2024-9287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-0938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-0938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4516 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4516/"
}
],
"title": "Security update for python311",
"tracking": {
"current_release_date": "2025-06-03T09:05:30Z",
"generator": {
"date": "2025-06-03T09:05:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20374-1",
"initial_release_date": "2025-06-03T09:05:30Z",
"revision_history": [
{
"date": "2025-06-03T09:05:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"product": {
"name": "libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"product_id": "libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-3.11.12-slfo.1.1_1.1.aarch64",
"product": {
"name": "python311-3.11.12-slfo.1.1_1.1.aarch64",
"product_id": "python311-3.11.12-slfo.1.1_1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"product": {
"name": "python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"product_id": "python311-base-3.11.12-slfo.1.1_1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"product": {
"name": "python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"product_id": "python311-curses-3.11.12-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"product": {
"name": "libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"product_id": "libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-3.11.12-slfo.1.1_1.1.s390x",
"product": {
"name": "python311-3.11.12-slfo.1.1_1.1.s390x",
"product_id": "python311-3.11.12-slfo.1.1_1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-base-3.11.12-slfo.1.1_1.1.s390x",
"product": {
"name": "python311-base-3.11.12-slfo.1.1_1.1.s390x",
"product_id": "python311-base-3.11.12-slfo.1.1_1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"product": {
"name": "python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"product_id": "python311-curses-3.11.12-slfo.1.1_1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"product": {
"name": "libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"product_id": "libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-3.11.12-slfo.1.1_1.1.x86_64",
"product": {
"name": "python311-3.11.12-slfo.1.1_1.1.x86_64",
"product_id": "python311-3.11.12-slfo.1.1_1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"product": {
"name": "python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"product_id": "python311-base-3.11.12-slfo.1.1_1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.12-slfo.1.1_1.1.x86_64",
"product": {
"name": "python311-curses-3.11.12-slfo.1.1_1.1.x86_64",
"product_id": "python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64"
},
"product_reference": "libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x"
},
"product_reference": "libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64"
},
"product_reference": "libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.12-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64"
},
"product_reference": "python311-3.11.12-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.12-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x"
},
"product_reference": "python311-3.11.12-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.12-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64"
},
"product_reference": "python311-3.11.12-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-base-3.11.12-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64"
},
"product_reference": "python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-base-3.11.12-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x"
},
"product_reference": "python311-base-3.11.12-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-base-3.11.12-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64"
},
"product_reference": "python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-curses-3.11.12-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64"
},
"product_reference": "python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-curses-3.11.12-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x"
},
"product_reference": "python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-curses-3.11.12-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
},
"product_reference": "python311-curses-3.11.12-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-25236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-25236"
}
],
"notes": [
{
"category": "general",
"text": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-25236",
"url": "https://www.suse.com/security/cve/CVE-2022-25236"
},
{
"category": "external",
"summary": "SUSE Bug 1196025 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1196025"
},
{
"category": "external",
"summary": "SUSE Bug 1196784 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1196784"
},
{
"category": "external",
"summary": "SUSE Bug 1197217 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1197217"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1201735 for CVE-2022-25236",
"url": "https://bugzilla.suse.com/1201735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T09:05:30Z",
"details": "important"
}
],
"title": "CVE-2022-25236"
},
{
"cve": "CVE-2023-27043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-27043"
}
],
"notes": [
{
"category": "general",
"text": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-27043",
"url": "https://www.suse.com/security/cve/CVE-2023-27043"
},
{
"category": "external",
"summary": "SUSE Bug 1210638 for CVE-2023-27043",
"url": "https://bugzilla.suse.com/1210638"
},
{
"category": "external",
"summary": "SUSE Bug 1222537 for CVE-2023-27043",
"url": "https://bugzilla.suse.com/1222537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T09:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2023-27043"
},
{
"cve": "CVE-2023-52425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52425"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52425",
"url": "https://www.suse.com/security/cve/CVE-2023-52425"
},
{
"category": "external",
"summary": "SUSE Bug 1219559 for CVE-2023-52425",
"url": "https://bugzilla.suse.com/1219559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T09:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-6597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6597"
}
],
"notes": [
{
"category": "general",
"text": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6597",
"url": "https://www.suse.com/security/cve/CVE-2023-6597"
},
{
"category": "external",
"summary": "SUSE Bug 1219666 for CVE-2023-6597",
"url": "https://bugzilla.suse.com/1219666"
},
{
"category": "external",
"summary": "SUSE Bug 1221854 for CVE-2023-6597",
"url": "https://bugzilla.suse.com/1221854"
},
{
"category": "external",
"summary": "SUSE Bug 1224879 for CVE-2023-6597",
"url": "https://bugzilla.suse.com/1224879"
},
{
"category": "external",
"summary": "SUSE Bug 1225185 for CVE-2023-6597",
"url": "https://bugzilla.suse.com/1225185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T09:05:30Z",
"details": "important"
}
],
"title": "CVE-2023-6597"
},
{
"cve": "CVE-2024-0397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-0397"
}
],
"notes": [
{
"category": "general",
"text": "A defect was discovered in the Python \"ssl\" module where there is a memory\nrace condition with the ssl.SSLContext methods \"cert_store_stats()\" and\n\"get_ca_certs()\". The race condition can be triggered if the methods are\ncalled at the same time as certificates are loaded into the SSLContext,\nsuch as during the TLS handshake with a certificate directory configured.\nThis issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-0397",
"url": "https://www.suse.com/security/cve/CVE-2024-0397"
},
{
"category": "external",
"summary": "SUSE Bug 1226447 for CVE-2024-0397",
"url": "https://bugzilla.suse.com/1226447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T09:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-0397"
},
{
"cve": "CVE-2024-0450",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-0450"
}
],
"notes": [
{
"category": "general",
"text": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe zipfile module is vulnerable to \"quoted-overlap\" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-0450",
"url": "https://www.suse.com/security/cve/CVE-2024-0450"
},
{
"category": "external",
"summary": "SUSE Bug 1221854 for CVE-2024-0450",
"url": "https://bugzilla.suse.com/1221854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T09:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-0450"
},
{
"cve": "CVE-2024-4030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4030"
}
],
"notes": [
{
"category": "general",
"text": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you\u0027re not using Windows or haven\u0027t changed the temporary directory location then you aren\u0027t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \"700\" for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4030",
"url": "https://www.suse.com/security/cve/CVE-2024-4030"
},
{
"category": "external",
"summary": "SUSE Bug 1227152 for CVE-2024-4030",
"url": "https://bugzilla.suse.com/1227152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T09:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-4030"
},
{
"cve": "CVE-2024-4032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4032"
}
],
"notes": [
{
"category": "general",
"text": "The \"ipaddress\" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \"globally reachable\" or \"private\". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u0027t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4032",
"url": "https://www.suse.com/security/cve/CVE-2024-4032"
},
{
"category": "external",
"summary": "SUSE Bug 1226448 for CVE-2024-4032",
"url": "https://bugzilla.suse.com/1226448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T09:05:30Z",
"details": "low"
}
],
"title": "CVE-2024-4032"
},
{
"cve": "CVE-2024-6232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6232"
}
],
"notes": [
{
"category": "general",
"text": "There is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6232",
"url": "https://www.suse.com/security/cve/CVE-2024-6232"
},
{
"category": "external",
"summary": "SUSE Bug 1230227 for CVE-2024-6232",
"url": "https://bugzilla.suse.com/1230227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T09:05:30Z",
"details": "important"
}
],
"title": "CVE-2024-6232"
},
{
"cve": "CVE-2024-6923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6923"
}
],
"notes": [
{
"category": "general",
"text": "There is a MEDIUM severity vulnerability affecting CPython.\n\nThe \nemail module didn\u0027t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6923",
"url": "https://www.suse.com/security/cve/CVE-2024-6923"
},
{
"category": "external",
"summary": "SUSE Bug 1228780 for CVE-2024-6923",
"url": "https://bugzilla.suse.com/1228780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T09:05:30Z",
"details": "important"
}
],
"title": "CVE-2024-6923"
},
{
"cve": "CVE-2024-7592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-7592"
}
],
"notes": [
{
"category": "general",
"text": "There is a LOW severity vulnerability affecting CPython, specifically the\n\u0027http.cookies\u0027 standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-7592",
"url": "https://www.suse.com/security/cve/CVE-2024-7592"
},
{
"category": "external",
"summary": "SUSE Bug 1229596 for CVE-2024-7592",
"url": "https://bugzilla.suse.com/1229596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T09:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2024-8088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-8088"
}
],
"notes": [
{
"category": "general",
"text": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\"\nmodule affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected.\n\n\n\n\n\nWhen iterating over names of entries in a zip archive (for example, methods\nof \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc)\nthe process can be put into an infinite loop with a maliciously crafted\nzip archive. This defect applies when reading only metadata or extracting\nthe contents of the zip archive. Programs that are not handling\nuser-controlled zip archives are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-8088",
"url": "https://www.suse.com/security/cve/CVE-2024-8088"
},
{
"category": "external",
"summary": "SUSE Bug 1229704 for CVE-2024-8088",
"url": "https://bugzilla.suse.com/1229704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T09:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-8088"
},
{
"cve": "CVE-2024-9287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-9287"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren\u0027t activated before being used (ie \"./venv/bin/python\") are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-9287",
"url": "https://www.suse.com/security/cve/CVE-2024-9287"
},
{
"category": "external",
"summary": "SUSE Bug 1232241 for CVE-2024-9287",
"url": "https://bugzilla.suse.com/1232241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T09:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-9287"
},
{
"cve": "CVE-2025-0938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-0938"
}
],
"notes": [
{
"category": "general",
"text": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-0938",
"url": "https://www.suse.com/security/cve/CVE-2025-0938"
},
{
"category": "external",
"summary": "SUSE Bug 1236705 for CVE-2025-0938",
"url": "https://bugzilla.suse.com/1236705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T09:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2025-0938"
},
{
"cve": "CVE-2025-1795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1795"
}
],
"notes": [
{
"category": "general",
"text": "During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1795",
"url": "https://www.suse.com/security/cve/CVE-2025-1795"
},
{
"category": "external",
"summary": "SUSE Bug 1238450 for CVE-2025-1795",
"url": "https://bugzilla.suse.com/1238450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T09:05:30Z",
"details": "low"
}
],
"title": "CVE-2025-1795"
},
{
"cve": "CVE-2025-4516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4516"
}
],
"notes": [
{
"category": "general",
"text": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4516",
"url": "https://www.suse.com/security/cve/CVE-2025-4516"
},
{
"category": "external",
"summary": "SUSE Bug 1243273 for CVE-2025-4516",
"url": "https://bugzilla.suse.com/1243273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-base-3.11.12-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:python311-curses-3.11.12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T09:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2025-4516"
}
]
}
gsd-2024-4030
Vulnerability from gsd
Modified
2024-04-23 05:02
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-4030"
],
"id": "GSD-2024-4030",
"modified": "2024-04-23T05:02:11.163669Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-4030",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
ghsa-2w87-6hh6-mqrj
Vulnerability from github
Published
2024-05-07 21:31
Modified
2024-09-07 03:30
Severity ?
VLAI Severity ?
Details
On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.
If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.
This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.
{
"affected": [],
"aliases": [
"CVE-2024-4030"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-07T21:15:09Z",
"severity": "HIGH"
},
"details": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you\u2019re not using Windows or haven\u2019t changed the temporary directory location then you aren\u2019t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \u201c700\u201d for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.\n",
"id": "GHSA-2w87-6hh6-mqrj",
"modified": "2024-09-07T03:30:42Z",
"published": "2024-05-07T21:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4030"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/118486"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46"
},
{
"type": "WEB",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240705-0005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…