Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-13176 (GCVE-0-2024-13176)
Vulnerability from cvelistv5
Published
2025-01-20 13:29
Modified
2025-05-26 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-385 - Covert Timing Channel
Summary
Issue summary: A timing side-channel which could potentially allow recovering
the private key exists in the ECDSA signature computation.
Impact summary: A timing side-channel in ECDSA signature computations
could allow recovering the private key by an attacker. However, measuring
the timing would require either local access to the signing application or
a very fast network connection with low latency.
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In particular
the NIST P-521 curve is affected. To be able to measure this leak, the attacker
process must either be located in the same physical computer or must
have a very fast network connection with low latency. For that reason
the severity of this vulnerability is Low.
The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-05-26T18:03:44.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/20/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250124-0005/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250418-0010/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T20:21:21.345629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T20:25:45.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.4.1",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.3",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.2.4",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
},
{
"lessThan": "3.1.8",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
},
{
"lessThan": "3.0.16",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1zb",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zl",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "George Pantelakis (Red Hat)"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Alicja Kario (Red Hat)"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tom\u00e1\u0161 Mr\u00e1z"
}
],
"datePublic": "2025-01-20T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: A timing side-channel which could potentially allow recovering\u003cbr\u003ethe private key exists in the ECDSA signature computation.\u003cbr\u003e\u003cbr\u003eImpact summary: A timing side-channel in ECDSA signature computations\u003cbr\u003ecould allow recovering the private key by an attacker. However, measuring\u003cbr\u003ethe timing would require either local access to the signing application or\u003cbr\u003ea very fast network connection with low latency.\u003cbr\u003e\u003cbr\u003eThere is a timing signal of around 300 nanoseconds when the top word of\u003cbr\u003ethe inverted ECDSA nonce value is zero. This can happen with significant\u003cbr\u003eprobability only for some of the supported elliptic curves. In particular\u003cbr\u003ethe NIST P-521 curve is affected. To be able to measure this leak, the attacker\u003cbr\u003eprocess must either be located in the same physical computer or must\u003cbr\u003ehave a very fast network connection with low latency. For that reason\u003cbr\u003ethe severity of this vulnerability is Low.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue."
}
],
"value": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-385",
"description": "CWE-385 Covert Timing Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T07:51:11.697Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20250120.txt"
},
{
"name": "3.3.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f"
},
{
"name": "3.3.3 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902"
},
{
"name": "3.2.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65"
},
{
"name": "3.1.8 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467"
},
{
"name": "3.0.16 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844"
},
{
"name": "1.1.1zb git commit",
"tags": [
"patch"
],
"url": "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86"
},
{
"name": "1.0.2zl git commit",
"tags": [
"patch"
],
"url": "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Timing side-channel in ECDSA signature computation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2024-13176",
"datePublished": "2025-01-20T13:29:57.047Z",
"dateReserved": "2025-01-07T09:34:54.572Z",
"dateUpdated": "2025-05-26T18:03:44.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-13176\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2025-01-20T14:15:26.247\",\"lastModified\":\"2025-05-26T18:15:19.740\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Issue summary: A timing side-channel which could potentially allow recovering\\nthe private key exists in the ECDSA signature computation.\\n\\nImpact summary: A timing side-channel in ECDSA signature computations\\ncould allow recovering the private key by an attacker. However, measuring\\nthe timing would require either local access to the signing application or\\na very fast network connection with low latency.\\n\\nThere is a timing signal of around 300 nanoseconds when the top word of\\nthe inverted ECDSA nonce value is zero. This can happen with significant\\nprobability only for some of the supported elliptic curves. In particular\\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\\nprocess must either be located in the same physical computer or must\\nhave a very fast network connection with low latency. For that reason\\nthe severity of this vulnerability is Low.\\n\\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\"},{\"lang\":\"es\",\"value\":\"Resumen del problema: Existe un canal lateral de temporizaci\u00f3n que potencialmente podr\u00eda permitir recuperar la clave privada en el c\u00e1lculo de la firma ECDSA. Resumen del impacto: Un canal lateral de temporizaci\u00f3n en los c\u00e1lculos de firmas ECDSA podr\u00eda permitir que un atacante recupere la clave privada. Sin embargo, para medir el tiempo se necesitar\u00eda acceso local a la aplicaci\u00f3n de firma o una conexi\u00f3n de red muy r\u00e1pida con baja latencia. Hay una se\u00f1al de tiempo de alrededor de 300 nanosegundos cuando la palabra superior del valor nonce ECDSA invertido es cero. Esto puede suceder con una probabilidad significativa s\u00f3lo para algunas de las curvas el\u00edpticas admitidas. En particular, la curva NIST P-521 se ve afectada. Para poder medir esta fuga, el proceso atacante debe estar ubicado en la misma computadora f\u00edsica o debe tener una conexi\u00f3n de red muy r\u00e1pida con baja latencia. Por esa raz\u00f3n la severidad de esta vulnerabilidad es Baja.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":4.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.7,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"openssl-security@openssl.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-385\"}]}],\"references\":[{\"url\":\"https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://openssl-library.org/news/secadv/20250120.txt\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/01/20/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250124-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250418-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/01/20/2\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20250124-0005/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20250418-0010/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-05-26T18:03:44.262Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.1, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-13176\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-27T20:21:21.345629Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-27T20:25:25.308Z\"}}], \"cna\": {\"title\": \"Timing side-channel in ECDSA signature computation\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"George Pantelakis (Red Hat)\"}, {\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Alicja Kario (Red Hat)\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Tom\\u00e1\\u0161 Mr\\u00e1z\"}], \"metrics\": [{\"other\": {\"type\": \"https://openssl-library.org/policies/general/security-policy/\", \"content\": {\"text\": \"Low\"}}, \"format\": \"other\"}], \"affected\": [{\"vendor\": \"OpenSSL\", \"product\": \"OpenSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.4.0\", \"lessThan\": \"3.4.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.3.0\", \"lessThan\": \"3.3.3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.2.0\", \"lessThan\": \"3.2.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.1.0\", \"lessThan\": \"3.1.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.16\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.1.1\", \"lessThan\": \"1.1.1zb\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.0.2\", \"lessThan\": \"1.0.2zl\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-01-20T14:00:00.000Z\", \"references\": [{\"url\": \"https://openssl-library.org/news/secadv/20250120.txt\", \"name\": \"OpenSSL Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f\", \"name\": \"3.3.4 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902\", \"name\": \"3.3.3 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65\", \"name\": \"3.2.4 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467\", \"name\": \"3.1.8 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844\", \"name\": \"3.0.16 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86\", \"name\": \"1.1.1zb git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded\", \"name\": \"1.0.2zl git commit\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Issue summary: A timing side-channel which could potentially allow recovering\\nthe private key exists in the ECDSA signature computation.\\n\\nImpact summary: A timing side-channel in ECDSA signature computations\\ncould allow recovering the private key by an attacker. However, measuring\\nthe timing would require either local access to the signing application or\\na very fast network connection with low latency.\\n\\nThere is a timing signal of around 300 nanoseconds when the top word of\\nthe inverted ECDSA nonce value is zero. This can happen with significant\\nprobability only for some of the supported elliptic curves. In particular\\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\\nprocess must either be located in the same physical computer or must\\nhave a very fast network connection with low latency. For that reason\\nthe severity of this vulnerability is Low.\\n\\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Issue summary: A timing side-channel which could potentially allow recovering\u003cbr\u003ethe private key exists in the ECDSA signature computation.\u003cbr\u003e\u003cbr\u003eImpact summary: A timing side-channel in ECDSA signature computations\u003cbr\u003ecould allow recovering the private key by an attacker. However, measuring\u003cbr\u003ethe timing would require either local access to the signing application or\u003cbr\u003ea very fast network connection with low latency.\u003cbr\u003e\u003cbr\u003eThere is a timing signal of around 300 nanoseconds when the top word of\u003cbr\u003ethe inverted ECDSA nonce value is zero. This can happen with significant\u003cbr\u003eprobability only for some of the supported elliptic curves. In particular\u003cbr\u003ethe NIST P-521 curve is affected. To be able to measure this leak, the attacker\u003cbr\u003eprocess must either be located in the same physical computer or must\u003cbr\u003ehave a very fast network connection with low latency. For that reason\u003cbr\u003ethe severity of this vulnerability is Low.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-385\", \"description\": \"CWE-385 Covert Timing Channel\"}]}], \"providerMetadata\": {\"orgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"shortName\": \"openssl\", \"dateUpdated\": \"2025-03-18T07:51:11.697Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-13176\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-26T18:03:44.262Z\", \"dateReserved\": \"2025-01-07T09:34:54.572Z\", \"assignerOrgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"datePublished\": \"2025-01-20T13:29:57.047Z\", \"assignerShortName\": \"openssl\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
suse-su-2025:0613-3
Vulnerability from csaf_suse
Published
2025-05-15 08:51
Modified
2025-05-15 08:51
Summary
Security update for openssl-1_1
Notes
Title of the patch
Security update for openssl-1_1
Description of the patch
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136).
Other bugfixes:
- Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).
Patchnames
SUSE-2025-613,SUSE-SLE-Module-Certifications-15-SP7-2025-613
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_1 fixes the following issues:\n\n- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136).\n\nOther bugfixes:\n\n- Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-613,SUSE-SLE-Module-Certifications-15-SP7-2025-613",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0613-3.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0613-3",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250613-3/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0613-3",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020832.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236136",
"url": "https://bugzilla.suse.com/1236136"
},
{
"category": "self",
"summary": "SUSE Bug 1236771",
"url": "https://bugzilla.suse.com/1236771"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13176/"
}
],
"title": "Security update for openssl-1_1",
"tracking": {
"current_release_date": "2025-05-15T08:51:28Z",
"generator": {
"date": "2025-05-15T08:51:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0613-3",
"initial_release_date": "2025-05-15T08:51:28Z",
"revision_history": [
{
"date": "2025-05-15T08:51:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"product_id": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"product": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"product_id": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"product": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"product_id": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32",
"product": {
"name": "libopenssl-1_1-devel-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32",
"product_id": "libopenssl-1_1-devel-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32",
"product": {
"name": "libopenssl1_1-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32",
"product_id": "libopenssl1_1-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.i586",
"product": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.i586",
"product_id": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.i586",
"product": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.i586",
"product_id": "libopenssl1_1-1.1.1w-150600.5.12.2.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1w-150600.5.12.2.i586",
"product": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.i586",
"product_id": "openssl-1_1-1.1.1w-150600.5.12.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1_1-doc-1.1.1w-150600.5.12.2.noarch",
"product": {
"name": "openssl-1_1-doc-1.1.1w-150600.5.12.2.noarch",
"product_id": "openssl-1_1-doc-1.1.1w-150600.5.12.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"product": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"product_id": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"product": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"product_id": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"product": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"product_id": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"product": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"product_id": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"product": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"product_id": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"product": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"product_id": "openssl-1_1-1.1.1w-150600.5.12.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"product_id": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"product": {
"name": "libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"product_id": "libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"product": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"product_id": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"product": {
"name": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"product_id": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64",
"product": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64",
"product_id": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Certifications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-certifications:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64 as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64 as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64 as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64 as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.s390x"
},
"product_reference": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64 as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64 as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64 as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.aarch64"
},
"product_reference": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.s390x as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.s390x"
},
"product_reference": "openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64 as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13176"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13176",
"url": "https://www.suse.com/security/cve/CVE-2024-13176"
},
{
"category": "external",
"summary": "SUSE Bug 1236136 for CVE-2024-13176",
"url": "https://bugzilla.suse.com/1236136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-15T08:51:28Z",
"details": "moderate"
}
],
"title": "CVE-2024-13176"
}
]
}
suse-su-2025:0356-1
Vulnerability from csaf_suse
Published
2025-02-04 13:33
Modified
2025-02-04 13:33
Summary
Security update for openssl-1_1
Notes
Title of the patch
Security update for openssl-1_1
Description of the patch
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)
Patchnames
SUSE-2025-356,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-356,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-356,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-356,SUSE-SUSE-MicroOS-5.1-2025-356,SUSE-SUSE-MicroOS-5.2-2025-356,SUSE-Storage-7.1-2025-356
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_1 fixes the following issues:\n\n- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-356,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-356,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-356,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-356,SUSE-SUSE-MicroOS-5.1-2025-356,SUSE-SUSE-MicroOS-5.2-2025-356,SUSE-Storage-7.1-2025-356",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0356-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0356-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250356-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0356-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020282.html"
},
{
"category": "self",
"summary": "SUSE Bug 1226463",
"url": "https://bugzilla.suse.com/1226463"
},
{
"category": "self",
"summary": "SUSE Bug 1236136",
"url": "https://bugzilla.suse.com/1236136"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13176/"
}
],
"title": "Security update for openssl-1_1",
"tracking": {
"current_release_date": "2025-02-04T13:33:47Z",
"generator": {
"date": "2025-02-04T13:33:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0356-1",
"initial_release_date": "2025-02-04T13:33:47Z",
"revision_history": [
{
"date": "2025-02-04T13:33:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"product_id": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"product": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"product_id": "libopenssl1_1-1.1.1d-150200.11.100.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"product": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"product_id": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"product": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"product_id": "openssl-1_1-1.1.1d-150200.11.100.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-64bit-1.1.1d-150200.11.100.1.aarch64_ilp32",
"product": {
"name": "libopenssl-1_1-devel-64bit-1.1.1d-150200.11.100.1.aarch64_ilp32",
"product_id": "libopenssl-1_1-devel-64bit-1.1.1d-150200.11.100.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-64bit-1.1.1d-150200.11.100.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_1-64bit-1.1.1d-150200.11.100.1.aarch64_ilp32",
"product_id": "libopenssl1_1-64bit-1.1.1d-150200.11.100.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-64bit-1.1.1d-150200.11.100.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_1-hmac-64bit-1.1.1d-150200.11.100.1.aarch64_ilp32",
"product_id": "libopenssl1_1-hmac-64bit-1.1.1d-150200.11.100.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.i586",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.i586",
"product_id": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.i586",
"product": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.i586",
"product_id": "libopenssl1_1-1.1.1d-150200.11.100.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.i586",
"product": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.i586",
"product_id": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-150200.11.100.1.i586",
"product": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.i586",
"product_id": "openssl-1_1-1.1.1d-150200.11.100.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch",
"product": {
"name": "openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch",
"product_id": "openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.ppc64le",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.ppc64le",
"product_id": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.ppc64le",
"product": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.ppc64le",
"product_id": "libopenssl1_1-1.1.1d-150200.11.100.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.ppc64le",
"product": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.ppc64le",
"product_id": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-150200.11.100.1.ppc64le",
"product": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.ppc64le",
"product_id": "openssl-1_1-1.1.1d-150200.11.100.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x",
"product_id": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.s390x",
"product": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.s390x",
"product_id": "libopenssl1_1-1.1.1d-150200.11.100.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x",
"product": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x",
"product_id": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-150200.11.100.1.s390x",
"product": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.s390x",
"product_id": "openssl-1_1-1.1.1d-150200.11.100.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"product_id": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"product": {
"name": "libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"product_id": "libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"product": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"product_id": "libopenssl1_1-1.1.1d-150200.11.100.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"product": {
"name": "libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"product_id": "libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"product": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"product_id": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"product": {
"name": "libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"product_id": "libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"product": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"product_id": "openssl-1_1-1.1.1d-150200.11.100.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch"
},
"product_reference": "openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1d-150200.11.100.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.s390x"
},
"product_reference": "libopenssl1_1-1.1.1d-150200.11.100.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.ppc64le"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1d-150200.11.100.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.s390x"
},
"product_reference": "openssl-1_1-1.1.1d-150200.11.100.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch"
},
"product_reference": "openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-1.1.1d-150200.11.100.1.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1d-150200.11.100.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.ppc64le"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:openssl-1_1-1.1.1d-150200.11.100.1.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1d-150200.11.100.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:openssl-1_1-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch"
},
"product_reference": "openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libopenssl1_1-1.1.1d-150200.11.100.1.s390x"
},
"product_reference": "libopenssl1_1-1.1.1d-150200.11.100.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:openssl-1_1-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:openssl-1_1-1.1.1d-150200.11.100.1.s390x"
},
"product_reference": "openssl-1_1-1.1.1d-150200.11.100.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:openssl-1_1-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libopenssl1_1-1.1.1d-150200.11.100.1.s390x"
},
"product_reference": "libopenssl1_1-1.1.1d-150200.11.100.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:openssl-1_1-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:openssl-1_1-1.1.1d-150200.11.100.1.s390x"
},
"product_reference": "openssl-1_1-1.1.1d-150200.11.100.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:openssl-1_1-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:openssl-1_1-1.1.1d-150200.11.100.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-150200.11.100.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:openssl-1_1-1.1.1d-150200.11.100.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch"
},
"product_reference": "openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13176"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"SUSE Enterprise Storage 7.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Enterprise Storage 7.1:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch",
"SUSE Linux Enterprise Micro 5.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:openssl-1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.1:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:openssl-1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.2:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:openssl-1_1-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13176",
"url": "https://www.suse.com/security/cve/CVE-2024-13176"
},
{
"category": "external",
"summary": "SUSE Bug 1236136 for CVE-2024-13176",
"url": "https://bugzilla.suse.com/1236136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"SUSE Enterprise Storage 7.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Enterprise Storage 7.1:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch",
"SUSE Linux Enterprise Micro 5.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:openssl-1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.1:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:openssl-1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.2:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:openssl-1_1-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"SUSE Enterprise Storage 7.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Enterprise Storage 7.1:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Enterprise Storage 7.1:openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch",
"SUSE Linux Enterprise Micro 5.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:openssl-1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.1:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:openssl-1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Micro 5.2:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl-1_1-devel-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl-1_1-devel-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-hmac-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libopenssl1_1-hmac-32bit-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:openssl-1_1-1.1.1d-150200.11.100.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:openssl-1_1-1.1.1d-150200.11.100.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:openssl-1_1-doc-1.1.1d-150200.11.100.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-04T13:33:47Z",
"details": "moderate"
}
],
"title": "CVE-2024-13176"
}
]
}
suse-su-2025:0345-1
Vulnerability from csaf_suse
Published
2025-02-03 20:04
Modified
2025-02-03 20:04
Summary
Security update for openssl-1_1
Notes
Title of the patch
Security update for openssl-1_1
Description of the patch
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)
Patchnames
SUSE-2025-345,SUSE-SLE-Micro-5.5-2025-345,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-345,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-345,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-345,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-345
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_1 fixes the following issues:\n\n- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-345,SUSE-SLE-Micro-5.5-2025-345,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-345,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-345,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-345,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-345",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0345-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0345-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250345-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0345-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020271.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236136",
"url": "https://bugzilla.suse.com/1236136"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13176/"
}
],
"title": "Security update for openssl-1_1",
"tracking": {
"current_release_date": "2025-02-03T20:04:07Z",
"generator": {
"date": "2025-02-03T20:04:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0345-1",
"initial_release_date": "2025-02-03T20:04:07Z",
"revision_history": [
{
"date": "2025-02-03T20:04:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"product_id": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"product": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"product_id": "libopenssl1_1-1.1.1l-150500.17.40.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"product": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"product_id": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"product": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"product_id": "openssl-1_1-1.1.1l-150500.17.40.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-64bit-1.1.1l-150500.17.40.1.aarch64_ilp32",
"product": {
"name": "libopenssl-1_1-devel-64bit-1.1.1l-150500.17.40.1.aarch64_ilp32",
"product_id": "libopenssl-1_1-devel-64bit-1.1.1l-150500.17.40.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-64bit-1.1.1l-150500.17.40.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_1-64bit-1.1.1l-150500.17.40.1.aarch64_ilp32",
"product_id": "libopenssl1_1-64bit-1.1.1l-150500.17.40.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-64bit-1.1.1l-150500.17.40.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_1-hmac-64bit-1.1.1l-150500.17.40.1.aarch64_ilp32",
"product_id": "libopenssl1_1-hmac-64bit-1.1.1l-150500.17.40.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.i586",
"product": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.i586",
"product_id": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.i586",
"product": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.i586",
"product_id": "libopenssl1_1-1.1.1l-150500.17.40.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.i586",
"product": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.i586",
"product_id": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1l-150500.17.40.1.i586",
"product": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.i586",
"product_id": "openssl-1_1-1.1.1l-150500.17.40.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1_1-doc-1.1.1l-150500.17.40.1.noarch",
"product": {
"name": "openssl-1_1-doc-1.1.1l-150500.17.40.1.noarch",
"product_id": "openssl-1_1-doc-1.1.1l-150500.17.40.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le",
"product": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le",
"product_id": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le",
"product": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le",
"product_id": "libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le",
"product": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le",
"product_id": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1l-150500.17.40.1.ppc64le",
"product": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.ppc64le",
"product_id": "openssl-1_1-1.1.1l-150500.17.40.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.s390x",
"product": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.s390x",
"product_id": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.s390x",
"product": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.s390x",
"product_id": "libopenssl1_1-1.1.1l-150500.17.40.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.s390x",
"product": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.s390x",
"product_id": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1l-150500.17.40.1.s390x",
"product": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.s390x",
"product_id": "openssl-1_1-1.1.1l-150500.17.40.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"product_id": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_1-devel-32bit-1.1.1l-150500.17.40.1.x86_64",
"product": {
"name": "libopenssl-1_1-devel-32bit-1.1.1l-150500.17.40.1.x86_64",
"product_id": "libopenssl-1_1-devel-32bit-1.1.1l-150500.17.40.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"product": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"product_id": "libopenssl1_1-1.1.1l-150500.17.40.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"product": {
"name": "libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"product_id": "libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"product": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"product_id": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"product": {
"name": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"product_id": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"product": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"product_id": "openssl-1_1-1.1.1l-150500.17.40.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.40.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.40.1.s390x"
},
"product_reference": "libopenssl1_1-1.1.1l-150500.17.40.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.s390x"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.40.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.40.1.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1l-150500.17.40.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.40.1.s390x"
},
"product_reference": "openssl-1_1-1.1.1l-150500.17.40.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-1.1.1l-150500.17.40.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-1_1-1.1.1l-150500.17.40.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-1_1-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.s390x"
},
"product_reference": "libopenssl1_1-1.1.1l-150500.17.40.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.s390x"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1l-150500.17.40.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.s390x"
},
"product_reference": "openssl-1_1-1.1.1l-150500.17.40.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-1_1-1.1.1l-150500.17.40.1.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1l-150500.17.40.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150500.17.40.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-1_1-1.1.1l-150500.17.40.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13176"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-1_1-1.1.1l-150500.17.40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13176",
"url": "https://www.suse.com/security/cve/CVE-2024-13176"
},
{
"category": "external",
"summary": "SUSE Bug 1236136 for CVE-2024-13176",
"url": "https://bugzilla.suse.com/1236136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-1_1-1.1.1l-150500.17.40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.40.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-1_1-1.1.1l-150500.17.40.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-1_1-1.1.1l-150500.17.40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T20:04:07Z",
"details": "moderate"
}
],
"title": "CVE-2024-13176"
}
]
}
suse-su-2025:20464-1
Vulnerability from csaf_suse
Published
2025-07-03 10:28
Modified
2025-07-03 10:28
Summary
Security update for openssl-3
Notes
Title of the patch
Security update for openssl-3
Description of the patch
This update for openssl-3 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)
Patchnames
SUSE-SLE-Micro-6.0-373
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3 fixes the following issues:\n\n- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-373",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20464-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20464-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520464-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20464-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040661.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236136",
"url": "https://bugzilla.suse.com/1236136"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13176/"
}
],
"title": "Security update for openssl-3",
"tracking": {
"current_release_date": "2025-07-03T10:28:04Z",
"generator": {
"date": "2025-07-03T10:28:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20464-1",
"initial_release_date": "2025-07-03T10:28:04Z",
"revision_history": [
{
"date": "2025-07-03T10:28:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-9.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.1.4-9.1.aarch64",
"product_id": "libopenssl-3-devel-3.1.4-9.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-9.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-9.1.aarch64",
"product_id": "libopenssl-3-fips-provider-3.1.4-9.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-9.1.aarch64",
"product": {
"name": "libopenssl3-3.1.4-9.1.aarch64",
"product_id": "libopenssl3-3.1.4-9.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-9.1.aarch64",
"product": {
"name": "openssl-3-3.1.4-9.1.aarch64",
"product_id": "openssl-3-3.1.4-9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-9.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.1.4-9.1.s390x",
"product_id": "libopenssl-3-devel-3.1.4-9.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-9.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-9.1.s390x",
"product_id": "libopenssl-3-fips-provider-3.1.4-9.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-9.1.s390x",
"product": {
"name": "libopenssl3-3.1.4-9.1.s390x",
"product_id": "libopenssl3-3.1.4-9.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-9.1.s390x",
"product": {
"name": "openssl-3-3.1.4-9.1.s390x",
"product_id": "openssl-3-3.1.4-9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-9.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.1.4-9.1.x86_64",
"product_id": "libopenssl-3-devel-3.1.4-9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-9.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-9.1.x86_64",
"product_id": "libopenssl-3-fips-provider-3.1.4-9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-9.1.x86_64",
"product": {
"name": "libopenssl3-3.1.4-9.1.x86_64",
"product_id": "libopenssl3-3.1.4-9.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-9.1.x86_64",
"product": {
"name": "openssl-3-3.1.4-9.1.x86_64",
"product_id": "openssl-3-3.1.4-9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-9.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-9.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.1.4-9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-9.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-9.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.1.4-9.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-9.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-9.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.1.4-9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-9.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-9.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-9.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-9.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-9.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-9.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-9.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-9.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl3-3.1.4-9.1.aarch64"
},
"product_reference": "libopenssl3-3.1.4-9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-9.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl3-3.1.4-9.1.s390x"
},
"product_reference": "libopenssl3-3.1.4-9.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-9.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl3-3.1.4-9.1.x86_64"
},
"product_reference": "libopenssl3-3.1.4-9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-9.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssl-3-3.1.4-9.1.aarch64"
},
"product_reference": "openssl-3-3.1.4-9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-9.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssl-3-3.1.4-9.1.s390x"
},
"product_reference": "openssl-3-3.1.4-9.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-9.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssl-3-3.1.4-9.1.x86_64"
},
"product_reference": "openssl-3-3.1.4-9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13176"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-9.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-9.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-9.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-9.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-9.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-9.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-9.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-9.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-9.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-9.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-9.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13176",
"url": "https://www.suse.com/security/cve/CVE-2024-13176"
},
{
"category": "external",
"summary": "SUSE Bug 1236136 for CVE-2024-13176",
"url": "https://bugzilla.suse.com/1236136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-9.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-9.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-9.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-9.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-9.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-9.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-9.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-9.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-9.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-9.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-9.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-9.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-9.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-9.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-9.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-9.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-9.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-9.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-9.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-9.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-9.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-9.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T10:28:04Z",
"details": "moderate"
}
],
"title": "CVE-2024-13176"
}
]
}
suse-su-2025:0349-1
Vulnerability from csaf_suse
Published
2025-02-04 08:34
Modified
2025-02-04 08:34
Summary
Security update for openssl-1_1
Notes
Title of the patch
Security update for openssl-1_1
Description of the patch
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)
Patchnames
SUSE-2025-349,SUSE-SLE-Micro-5.3-2025-349,SUSE-SLE-Micro-5.4-2025-349,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-349,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-349,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-349,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-349,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-349,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-349
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_1 fixes the following issues:\n\n- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-349,SUSE-SLE-Micro-5.3-2025-349,SUSE-SLE-Micro-5.4-2025-349,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-349,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-349,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-349,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-349,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-349,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-349",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0349-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0349-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250349-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0349-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020286.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236136",
"url": "https://bugzilla.suse.com/1236136"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13176/"
}
],
"title": "Security update for openssl-1_1",
"tracking": {
"current_release_date": "2025-02-04T08:34:48Z",
"generator": {
"date": "2025-02-04T08:34:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0349-1",
"initial_release_date": "2025-02-04T08:34:48Z",
"revision_history": [
{
"date": "2025-02-04T08:34:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"product_id": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"product": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"product_id": "libopenssl1_1-1.1.1l-150400.7.78.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"product": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"product_id": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"product": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"product_id": "openssl-1_1-1.1.1l-150400.7.78.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-64bit-1.1.1l-150400.7.78.1.aarch64_ilp32",
"product": {
"name": "libopenssl-1_1-devel-64bit-1.1.1l-150400.7.78.1.aarch64_ilp32",
"product_id": "libopenssl-1_1-devel-64bit-1.1.1l-150400.7.78.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-64bit-1.1.1l-150400.7.78.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_1-64bit-1.1.1l-150400.7.78.1.aarch64_ilp32",
"product_id": "libopenssl1_1-64bit-1.1.1l-150400.7.78.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-64bit-1.1.1l-150400.7.78.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_1-hmac-64bit-1.1.1l-150400.7.78.1.aarch64_ilp32",
"product_id": "libopenssl1_1-hmac-64bit-1.1.1l-150400.7.78.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.i586",
"product": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.i586",
"product_id": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.i586",
"product": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.i586",
"product_id": "libopenssl1_1-1.1.1l-150400.7.78.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.i586",
"product": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.i586",
"product_id": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1l-150400.7.78.1.i586",
"product": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.i586",
"product_id": "openssl-1_1-1.1.1l-150400.7.78.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1_1-doc-1.1.1l-150400.7.78.1.noarch",
"product": {
"name": "openssl-1_1-doc-1.1.1l-150400.7.78.1.noarch",
"product_id": "openssl-1_1-doc-1.1.1l-150400.7.78.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le",
"product": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le",
"product_id": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le",
"product": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le",
"product_id": "libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le",
"product": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le",
"product_id": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1l-150400.7.78.1.ppc64le",
"product": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.ppc64le",
"product_id": "openssl-1_1-1.1.1l-150400.7.78.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"product": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"product_id": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"product": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"product_id": "libopenssl1_1-1.1.1l-150400.7.78.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"product": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"product_id": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"product": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"product_id": "openssl-1_1-1.1.1l-150400.7.78.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"product_id": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"product": {
"name": "libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"product_id": "libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"product": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"product_id": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"product": {
"name": "libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"product_id": "libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"product": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"product_id": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"product": {
"name": "libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"product_id": "libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"product": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"product_id": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl1_1-1.1.1l-150400.7.78.1.s390x"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:openssl-1_1-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:openssl-1_1-1.1.1l-150400.7.78.1.s390x"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:openssl-1_1-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl1_1-1.1.1l-150400.7.78.1.s390x"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:openssl-1_1-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:openssl-1_1-1.1.1l-150400.7.78.1.s390x"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:openssl-1_1-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-1_1-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-1_1-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.s390x"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.s390x"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-1_1-1.1.1l-150400.7.78.1.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-1_1-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:openssl-1_1-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl1_1-1.1.1l-150400.7.78.1.s390x"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:openssl-1_1-1.1.1l-150400.7.78.1.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:openssl-1_1-1.1.1l-150400.7.78.1.s390x"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:openssl-1_1-1.1.1l-150400.7.78.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13176"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Manager Server 4.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"SUSE Manager Server 4.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Manager Server 4.3:libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Manager Server 4.3:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Manager Server 4.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"SUSE Manager Server 4.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:openssl-1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Manager Server 4.3:openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Manager Server 4.3:openssl-1_1-1.1.1l-150400.7.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13176",
"url": "https://www.suse.com/security/cve/CVE-2024-13176"
},
{
"category": "external",
"summary": "SUSE Bug 1236136 for CVE-2024-13176",
"url": "https://bugzilla.suse.com/1236136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Manager Server 4.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"SUSE Manager Server 4.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Manager Server 4.3:libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Manager Server 4.3:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Manager Server 4.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"SUSE Manager Server 4.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:openssl-1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Manager Server 4.3:openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Manager Server 4.3:openssl-1_1-1.1.1l-150400.7.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Proxy 4.3:openssl-1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Manager Server 4.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.s390x",
"SUSE Manager Server 4.3:libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Manager Server 4.3:libopenssl1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Manager Server 4.3:libopenssl1_1-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Manager Server 4.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.s390x",
"SUSE Manager Server 4.3:libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64",
"SUSE Manager Server 4.3:openssl-1_1-1.1.1l-150400.7.78.1.ppc64le",
"SUSE Manager Server 4.3:openssl-1_1-1.1.1l-150400.7.78.1.s390x",
"SUSE Manager Server 4.3:openssl-1_1-1.1.1l-150400.7.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-04T08:34:48Z",
"details": "moderate"
}
],
"title": "CVE-2024-13176"
}
]
}
suse-su-2025:0613-2
Vulnerability from csaf_suse
Published
2025-05-15 08:51
Modified
2025-05-15 08:51
Summary
Security update for openssl-1_1
Notes
Title of the patch
Security update for openssl-1_1
Description of the patch
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136).
Other bugfixes:
- Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).
Patchnames
SUSE-2025-613,SUSE-SLE-Module-Certifications-15-SP7-2025-613
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_1 fixes the following issues:\n\n- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136).\n\nOther bugfixes:\n\n- Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-613,SUSE-SLE-Module-Certifications-15-SP7-2025-613",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0613-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0613-2",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250613-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0613-2",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039184.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236136",
"url": "https://bugzilla.suse.com/1236136"
},
{
"category": "self",
"summary": "SUSE Bug 1236771",
"url": "https://bugzilla.suse.com/1236771"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13176/"
}
],
"title": "Security update for openssl-1_1",
"tracking": {
"current_release_date": "2025-05-15T08:51:28Z",
"generator": {
"date": "2025-05-15T08:51:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0613-2",
"initial_release_date": "2025-05-15T08:51:28Z",
"revision_history": [
{
"date": "2025-05-15T08:51:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"product_id": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"product": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"product_id": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"product": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"product_id": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32",
"product": {
"name": "libopenssl-1_1-devel-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32",
"product_id": "libopenssl-1_1-devel-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32",
"product": {
"name": "libopenssl1_1-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32",
"product_id": "libopenssl1_1-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.i586",
"product": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.i586",
"product_id": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.i586",
"product": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.i586",
"product_id": "libopenssl1_1-1.1.1w-150600.5.12.2.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1w-150600.5.12.2.i586",
"product": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.i586",
"product_id": "openssl-1_1-1.1.1w-150600.5.12.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1_1-doc-1.1.1w-150600.5.12.2.noarch",
"product": {
"name": "openssl-1_1-doc-1.1.1w-150600.5.12.2.noarch",
"product_id": "openssl-1_1-doc-1.1.1w-150600.5.12.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"product": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"product_id": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"product": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"product_id": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"product": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"product_id": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"product": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"product_id": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"product": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"product_id": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"product": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"product_id": "openssl-1_1-1.1.1w-150600.5.12.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"product_id": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"product": {
"name": "libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"product_id": "libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"product": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"product_id": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"product": {
"name": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"product_id": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64",
"product": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64",
"product_id": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Certifications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-certifications:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64 as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64 as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64 as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64 as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.s390x"
},
"product_reference": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64 as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64 as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64 as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.aarch64"
},
"product_reference": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.s390x as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.s390x"
},
"product_reference": "openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64 as component of SUSE Linux Enterprise Module for Certifications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Certifications 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13176"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13176",
"url": "https://www.suse.com/security/cve/CVE-2024-13176"
},
{
"category": "external",
"summary": "SUSE Bug 1236136 for CVE-2024-13176",
"url": "https://bugzilla.suse.com/1236136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Certifications 15 SP7:openssl-1_1-1.1.1w-150600.5.12.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-15T08:51:28Z",
"details": "moderate"
}
],
"title": "CVE-2024-13176"
}
]
}
suse-su-2025:20406-1
Vulnerability from csaf_suse
Published
2025-06-13 11:05
Modified
2025-06-13 11:05
Summary
Security update for openssl-3
Notes
Title of the patch
Security update for openssl-3
Description of the patch
This update for openssl-3 fixes the following issues:
- CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 on PPC arch (bsc#1240366)
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)
Patchnames
SUSE-SLE-Micro-6.0-353
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3 fixes the following issues:\n\n- CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 on PPC arch (bsc#1240366)\n- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-353",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20406-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20406-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520406-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20406-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040341.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236136",
"url": "https://bugzilla.suse.com/1236136"
},
{
"category": "self",
"summary": "SUSE Bug 1240366",
"url": "https://bugzilla.suse.com/1240366"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27587 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27587/"
}
],
"title": "Security update for openssl-3",
"tracking": {
"current_release_date": "2025-06-13T11:05:04Z",
"generator": {
"date": "2025-06-13T11:05:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20406-1",
"initial_release_date": "2025-06-13T11:05:04Z",
"revision_history": [
{
"date": "2025-06-13T11:05:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-8.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.1.4-8.1.aarch64",
"product_id": "libopenssl-3-devel-3.1.4-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-8.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-8.1.aarch64",
"product_id": "libopenssl-3-fips-provider-3.1.4-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-8.1.aarch64",
"product": {
"name": "libopenssl3-3.1.4-8.1.aarch64",
"product_id": "libopenssl3-3.1.4-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-8.1.aarch64",
"product": {
"name": "openssl-3-3.1.4-8.1.aarch64",
"product_id": "openssl-3-3.1.4-8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-8.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.1.4-8.1.s390x",
"product_id": "libopenssl-3-devel-3.1.4-8.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-8.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-8.1.s390x",
"product_id": "libopenssl-3-fips-provider-3.1.4-8.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-8.1.s390x",
"product": {
"name": "libopenssl3-3.1.4-8.1.s390x",
"product_id": "libopenssl3-3.1.4-8.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-8.1.s390x",
"product": {
"name": "openssl-3-3.1.4-8.1.s390x",
"product_id": "openssl-3-3.1.4-8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-8.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.1.4-8.1.x86_64",
"product_id": "libopenssl-3-devel-3.1.4-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-8.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-8.1.x86_64",
"product_id": "libopenssl-3-fips-provider-3.1.4-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-8.1.x86_64",
"product": {
"name": "libopenssl3-3.1.4-8.1.x86_64",
"product_id": "libopenssl3-3.1.4-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-8.1.x86_64",
"product": {
"name": "openssl-3-3.1.4-8.1.x86_64",
"product_id": "openssl-3-3.1.4-8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-8.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.1.4-8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-8.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.1.4-8.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-8.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.1.4-8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-8.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-8.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-8.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-8.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-8.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.aarch64"
},
"product_reference": "libopenssl3-3.1.4-8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-8.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.s390x"
},
"product_reference": "libopenssl3-3.1.4-8.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-8.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.x86_64"
},
"product_reference": "libopenssl3-3.1.4-8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-8.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.aarch64"
},
"product_reference": "openssl-3-3.1.4-8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-8.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.s390x"
},
"product_reference": "openssl-3-3.1.4-8.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-8.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.x86_64"
},
"product_reference": "openssl-3-3.1.4-8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13176"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13176",
"url": "https://www.suse.com/security/cve/CVE-2024-13176"
},
{
"category": "external",
"summary": "SUSE Bug 1236136 for CVE-2024-13176",
"url": "https://bugzilla.suse.com/1236136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-13T11:05:04Z",
"details": "moderate"
}
],
"title": "CVE-2024-13176"
},
{
"cve": "CVE-2025-27587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27587"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27587",
"url": "https://www.suse.com/security/cve/CVE-2025-27587"
},
{
"category": "external",
"summary": "SUSE Bug 1240366 for CVE-2025-27587",
"url": "https://bugzilla.suse.com/1240366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-13T11:05:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-27587"
}
]
}
suse-su-2025:02042-1
Vulnerability from csaf_suse
Published
2025-06-20 10:38
Modified
2025-06-20 10:38
Summary
Security update for openssl-3
Notes
Title of the patch
Security update for openssl-3
Description of the patch
This update for openssl-3 fixes the following issues:
- CVE-2025-27587: timing side-channel vulnerability in the P-384 implementation when used with ECDSA (bsc#1243459).
- CVE-2024-12797: Fixed that RFC7250 handshakes with unauthenticated servers don't abort as expected. (bsc#1236599)
- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136)
Patchnames
SUSE-2025-2042,SUSE-SLE-Module-Basesystem-15-SP7-2025-2042
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3 fixes the following issues:\n\n- CVE-2025-27587: timing side-channel vulnerability in the P-384 implementation when used with ECDSA (bsc#1243459).\n- CVE-2024-12797: Fixed that RFC7250 handshakes with unauthenticated servers don\u0027t abort as expected. (bsc#1236599)\n- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2042,SUSE-SLE-Module-Basesystem-15-SP7-2025-2042",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02042-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02042-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502042-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02042-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040404.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236136",
"url": "https://bugzilla.suse.com/1236136"
},
{
"category": "self",
"summary": "SUSE Bug 1236599",
"url": "https://bugzilla.suse.com/1236599"
},
{
"category": "self",
"summary": "SUSE Bug 1243459",
"url": "https://bugzilla.suse.com/1243459"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12797 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27587 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27587/"
}
],
"title": "Security update for openssl-3",
"tracking": {
"current_release_date": "2025-06-20T10:38:46Z",
"generator": {
"date": "2025-06-20T10:38:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02042-1",
"initial_release_date": "2025-06-20T10:38:46Z",
"revision_history": [
{
"date": "2025-06-20T10:38:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64",
"product_id": "libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64",
"product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.2.3-150700.5.5.1.aarch64",
"product": {
"name": "libopenssl3-3.2.3-150700.5.5.1.aarch64",
"product_id": "libopenssl3-3.2.3-150700.5.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.2.3-150700.5.5.1.aarch64",
"product": {
"name": "openssl-3-3.2.3-150700.5.5.1.aarch64",
"product_id": "openssl-3-3.2.3-150700.5.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-64bit-3.2.3-150700.5.5.1.aarch64_ilp32",
"product": {
"name": "libopenssl-3-devel-64bit-3.2.3-150700.5.5.1.aarch64_ilp32",
"product_id": "libopenssl-3-devel-64bit-3.2.3-150700.5.5.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-64bit-3.2.3-150700.5.5.1.aarch64_ilp32",
"product": {
"name": "libopenssl-3-fips-provider-64bit-3.2.3-150700.5.5.1.aarch64_ilp32",
"product_id": "libopenssl-3-fips-provider-64bit-3.2.3-150700.5.5.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl3-64bit-3.2.3-150700.5.5.1.aarch64_ilp32",
"product": {
"name": "libopenssl3-64bit-3.2.3-150700.5.5.1.aarch64_ilp32",
"product_id": "libopenssl3-64bit-3.2.3-150700.5.5.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.2.3-150700.5.5.1.i586",
"product": {
"name": "libopenssl-3-devel-3.2.3-150700.5.5.1.i586",
"product_id": "libopenssl-3-devel-3.2.3-150700.5.5.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.i586",
"product": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.i586",
"product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.2.3-150700.5.5.1.i586",
"product": {
"name": "libopenssl3-3.2.3-150700.5.5.1.i586",
"product_id": "libopenssl3-3.2.3-150700.5.5.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-3-3.2.3-150700.5.5.1.i586",
"product": {
"name": "openssl-3-3.2.3-150700.5.5.1.i586",
"product_id": "openssl-3-3.2.3-150700.5.5.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-3-doc-3.2.3-150700.5.5.1.noarch",
"product": {
"name": "openssl-3-doc-3.2.3-150700.5.5.1.noarch",
"product_id": "openssl-3-doc-3.2.3-150700.5.5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le",
"product_id": "libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le",
"product": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le",
"product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.2.3-150700.5.5.1.ppc64le",
"product": {
"name": "libopenssl3-3.2.3-150700.5.5.1.ppc64le",
"product_id": "libopenssl3-3.2.3-150700.5.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-3.2.3-150700.5.5.1.ppc64le",
"product": {
"name": "openssl-3-3.2.3-150700.5.5.1.ppc64le",
"product_id": "openssl-3-3.2.3-150700.5.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.2.3-150700.5.5.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.2.3-150700.5.5.1.s390x",
"product_id": "libopenssl-3-devel-3.2.3-150700.5.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x",
"product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.2.3-150700.5.5.1.s390x",
"product": {
"name": "libopenssl3-3.2.3-150700.5.5.1.s390x",
"product_id": "libopenssl3-3.2.3-150700.5.5.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.2.3-150700.5.5.1.s390x",
"product": {
"name": "openssl-3-3.2.3-150700.5.5.1.s390x",
"product_id": "openssl-3-3.2.3-150700.5.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64",
"product_id": "libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.2.3-150700.5.5.1.x86_64",
"product": {
"name": "libopenssl-3-devel-32bit-3.2.3-150700.5.5.1.x86_64",
"product_id": "libopenssl-3-devel-32bit-3.2.3-150700.5.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64",
"product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64",
"product_id": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.2.3-150700.5.5.1.x86_64",
"product": {
"name": "libopenssl3-3.2.3-150700.5.5.1.x86_64",
"product_id": "libopenssl3-3.2.3-150700.5.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64",
"product": {
"name": "libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64",
"product_id": "libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.2.3-150700.5.5.1.x86_64",
"product": {
"name": "openssl-3-3.2.3-150700.5.5.1.x86_64",
"product_id": "openssl-3-3.2.3-150700.5.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.2.3-150700.5.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.2.3-150700.5.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.2.3-150700.5.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64"
},
"product_reference": "libopenssl3-3.2.3-150700.5.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.2.3-150700.5.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le"
},
"product_reference": "libopenssl3-3.2.3-150700.5.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.2.3-150700.5.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x"
},
"product_reference": "libopenssl3-3.2.3-150700.5.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.2.3-150700.5.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64"
},
"product_reference": "libopenssl3-3.2.3-150700.5.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64"
},
"product_reference": "libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.2.3-150700.5.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64"
},
"product_reference": "openssl-3-3.2.3-150700.5.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.2.3-150700.5.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le"
},
"product_reference": "openssl-3-3.2.3-150700.5.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.2.3-150700.5.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x"
},
"product_reference": "openssl-3-3.2.3-150700.5.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.2.3-150700.5.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64"
},
"product_reference": "openssl-3-3.2.3-150700.5.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12797"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\nserver may fail to notice that the server was not authenticated, because\nhandshakes don\u0027t abort as expected when the SSL_VERIFY_PEER verification mode\nis set.\n\nImpact summary: TLS and DTLS connections using raw public keys may be\nvulnerable to man-in-middle attacks when server authentication failure is not\ndetected by clients.\n\nRPKs are disabled by default in both TLS clients and TLS servers. The issue\nonly arises when TLS clients explicitly enable RPK use by the server, and the\nserver, likewise, enables sending of an RPK instead of an X.509 certificate\nchain. The affected clients are those that then rely on the handshake to\nfail when the server\u0027s RPK fails to match one of the expected public keys,\nby setting the verification mode to SSL_VERIFY_PEER.\n\nClients that enable server-side raw public keys can still find out that raw\npublic key verification failed by calling SSL_get_verify_result(), and those\nthat do, and take appropriate action, are not affected. This issue was\nintroduced in the initial implementation of RPK support in OpenSSL 3.2.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12797",
"url": "https://www.suse.com/security/cve/CVE-2024-12797"
},
{
"category": "external",
"summary": "SUSE Bug 1236599 for CVE-2024-12797",
"url": "https://bugzilla.suse.com/1236599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-20T10:38:46Z",
"details": "important"
}
],
"title": "CVE-2024-12797"
},
{
"cve": "CVE-2024-13176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13176"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13176",
"url": "https://www.suse.com/security/cve/CVE-2024-13176"
},
{
"category": "external",
"summary": "SUSE Bug 1236136 for CVE-2024-13176",
"url": "https://bugzilla.suse.com/1236136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-20T10:38:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-13176"
},
{
"cve": "CVE-2025-27587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27587"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27587",
"url": "https://www.suse.com/security/cve/CVE-2025-27587"
},
{
"category": "external",
"summary": "SUSE Bug 1240366 for CVE-2025-27587",
"url": "https://bugzilla.suse.com/1240366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-20T10:38:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-27587"
}
]
}
suse-su-2025:0388-1
Vulnerability from csaf_suse
Published
2025-02-07 17:18
Modified
2025-02-07 17:18
Summary
Security update for openssl-3
Notes
Title of the patch
Security update for openssl-3
Description of the patch
This update for openssl-3 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
Patchnames
SUSE-2025-388,SUSE-SLE-Micro-5.3-2025-388,SUSE-SLE-Micro-5.4-2025-388,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-388,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-388,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-388,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-388,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-388,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-388
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3 fixes the following issues:\n\n- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-388,SUSE-SLE-Micro-5.3-2025-388,SUSE-SLE-Micro-5.4-2025-388,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-388,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-388,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-388,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-388,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-388,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-388",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0388-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0388-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250388-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0388-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020289.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236136",
"url": "https://bugzilla.suse.com/1236136"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13176/"
}
],
"title": "Security update for openssl-3",
"tracking": {
"current_release_date": "2025-02-07T17:18:44Z",
"generator": {
"date": "2025-02-07T17:18:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0388-1",
"initial_release_date": "2025-02-07T17:18:44Z",
"revision_history": [
{
"date": "2025-02-07T17:18:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64",
"product_id": "libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150400.4.72.1.aarch64",
"product": {
"name": "libopenssl3-3.0.8-150400.4.72.1.aarch64",
"product_id": "libopenssl3-3.0.8-150400.4.72.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150400.4.72.1.aarch64",
"product": {
"name": "openssl-3-3.0.8-150400.4.72.1.aarch64",
"product_id": "openssl-3-3.0.8-150400.4.72.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-64bit-3.0.8-150400.4.72.1.aarch64_ilp32",
"product": {
"name": "libopenssl-3-devel-64bit-3.0.8-150400.4.72.1.aarch64_ilp32",
"product_id": "libopenssl-3-devel-64bit-3.0.8-150400.4.72.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl3-64bit-3.0.8-150400.4.72.1.aarch64_ilp32",
"product": {
"name": "libopenssl3-64bit-3.0.8-150400.4.72.1.aarch64_ilp32",
"product_id": "libopenssl3-64bit-3.0.8-150400.4.72.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.i586",
"product": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.i586",
"product_id": "libopenssl-3-devel-3.0.8-150400.4.72.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150400.4.72.1.i586",
"product": {
"name": "libopenssl3-3.0.8-150400.4.72.1.i586",
"product_id": "libopenssl3-3.0.8-150400.4.72.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150400.4.72.1.i586",
"product": {
"name": "openssl-3-3.0.8-150400.4.72.1.i586",
"product_id": "openssl-3-3.0.8-150400.4.72.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-3-doc-3.0.8-150400.4.72.1.noarch",
"product": {
"name": "openssl-3-doc-3.0.8-150400.4.72.1.noarch",
"product_id": "openssl-3-doc-3.0.8-150400.4.72.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le",
"product_id": "libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150400.4.72.1.ppc64le",
"product": {
"name": "libopenssl3-3.0.8-150400.4.72.1.ppc64le",
"product_id": "libopenssl3-3.0.8-150400.4.72.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150400.4.72.1.ppc64le",
"product": {
"name": "openssl-3-3.0.8-150400.4.72.1.ppc64le",
"product_id": "openssl-3-3.0.8-150400.4.72.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.s390x",
"product_id": "libopenssl-3-devel-3.0.8-150400.4.72.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150400.4.72.1.s390x",
"product": {
"name": "libopenssl3-3.0.8-150400.4.72.1.s390x",
"product_id": "libopenssl3-3.0.8-150400.4.72.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150400.4.72.1.s390x",
"product": {
"name": "openssl-3-3.0.8-150400.4.72.1.s390x",
"product_id": "openssl-3-3.0.8-150400.4.72.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"product_id": "libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.0.8-150400.4.72.1.x86_64",
"product": {
"name": "libopenssl-3-devel-32bit-3.0.8-150400.4.72.1.x86_64",
"product_id": "libopenssl-3-devel-32bit-3.0.8-150400.4.72.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150400.4.72.1.x86_64",
"product": {
"name": "libopenssl3-3.0.8-150400.4.72.1.x86_64",
"product_id": "libopenssl3-3.0.8-150400.4.72.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.0.8-150400.4.72.1.x86_64",
"product": {
"name": "libopenssl3-32bit-3.0.8-150400.4.72.1.x86_64",
"product_id": "libopenssl3-32bit-3.0.8-150400.4.72.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150400.4.72.1.x86_64",
"product": {
"name": "openssl-3-3.0.8-150400.4.72.1.x86_64",
"product_id": "openssl-3-3.0.8-150400.4.72.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.72.1.aarch64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.72.1.s390x"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.72.1.aarch64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.72.1.s390x"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.72.1.aarch64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.72.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.72.1.aarch64"
},
"product_reference": "openssl-3-3.0.8-150400.4.72.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.72.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.aarch64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.72.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.aarch64"
},
"product_reference": "openssl-3-3.0.8-150400.4.72.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.72.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.72.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.aarch64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.ppc64le"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.s390x"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.72.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.aarch64"
},
"product_reference": "openssl-3-3.0.8-150400.4.72.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.72.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.ppc64le"
},
"product_reference": "openssl-3-3.0.8-150400.4.72.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.72.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.s390x"
},
"product_reference": "openssl-3-3.0.8-150400.4.72.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.72.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.72.1.ppc64le"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.72.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.72.1.ppc64le"
},
"product_reference": "openssl-3-3.0.8-150400.4.72.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.72.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:libopenssl3-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.72.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:openssl-3-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.72.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.72.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.72.1.ppc64le"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.72.1.s390x"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.72.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.72.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.72.1.ppc64le"
},
"product_reference": "openssl-3-3.0.8-150400.4.72.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.72.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.72.1.s390x"
},
"product_reference": "openssl-3-3.0.8-150400.4.72.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.72.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.72.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150400.4.72.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13176"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.72.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.72.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Proxy 4.3:openssl-3-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le",
"SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.72.1.s390x",
"SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.72.1.s390x",
"SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.72.1.s390x",
"SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.72.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13176",
"url": "https://www.suse.com/security/cve/CVE-2024-13176"
},
{
"category": "external",
"summary": "SUSE Bug 1236136 for CVE-2024-13176",
"url": "https://bugzilla.suse.com/1236136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.72.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.72.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Proxy 4.3:openssl-3-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le",
"SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.72.1.s390x",
"SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.72.1.s390x",
"SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.72.1.s390x",
"SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.72.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.72.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.72.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Proxy 4.3:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Proxy 4.3:openssl-3-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.72.1.ppc64le",
"SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.72.1.s390x",
"SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.72.1.s390x",
"SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.72.1.x86_64",
"SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.72.1.ppc64le",
"SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.72.1.s390x",
"SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.72.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-07T17:18:44Z",
"details": "moderate"
}
],
"title": "CVE-2024-13176"
}
]
}
suse-su-2025:0390-1
Vulnerability from csaf_suse
Published
2025-02-10 07:33
Modified
2025-02-10 07:33
Summary
Security update for openssl-1_1
Notes
Title of the patch
Security update for openssl-1_1
Description of the patch
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)
Patchnames
SUSE-2025-390,SUSE-SLE-SERVER-12-SP5-LTSS-2025-390,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-390
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_1 fixes the following issues:\n\n- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-390,SUSE-SLE-SERVER-12-SP5-LTSS-2025-390,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-390",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0390-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0390-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250390-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0390-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020296.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236136",
"url": "https://bugzilla.suse.com/1236136"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13176/"
}
],
"title": "Security update for openssl-1_1",
"tracking": {
"current_release_date": "2025-02-10T07:33:48Z",
"generator": {
"date": "2025-02-10T07:33:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0390-1",
"initial_release_date": "2025-02-10T07:33:48Z",
"revision_history": [
{
"date": "2025-02-10T07:33:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.aarch64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.aarch64",
"product_id": "libopenssl-1_1-devel-1.1.1d-2.116.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-2.116.1.aarch64",
"product": {
"name": "libopenssl1_1-1.1.1d-2.116.1.aarch64",
"product_id": "libopenssl1_1-1.1.1d-2.116.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.aarch64",
"product": {
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.aarch64",
"product_id": "libopenssl1_1-hmac-1.1.1d-2.116.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-2.116.1.aarch64",
"product": {
"name": "openssl-1_1-1.1.1d-2.116.1.aarch64",
"product_id": "openssl-1_1-1.1.1d-2.116.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-64bit-1.1.1d-2.116.1.aarch64_ilp32",
"product": {
"name": "libopenssl-1_1-devel-64bit-1.1.1d-2.116.1.aarch64_ilp32",
"product_id": "libopenssl-1_1-devel-64bit-1.1.1d-2.116.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-64bit-1.1.1d-2.116.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_1-64bit-1.1.1d-2.116.1.aarch64_ilp32",
"product_id": "libopenssl1_1-64bit-1.1.1d-2.116.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-64bit-1.1.1d-2.116.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_1-hmac-64bit-1.1.1d-2.116.1.aarch64_ilp32",
"product_id": "libopenssl1_1-hmac-64bit-1.1.1d-2.116.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.i586",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.i586",
"product_id": "libopenssl-1_1-devel-1.1.1d-2.116.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-2.116.1.i586",
"product": {
"name": "libopenssl1_1-1.1.1d-2.116.1.i586",
"product_id": "libopenssl1_1-1.1.1d-2.116.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.i586",
"product": {
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.i586",
"product_id": "libopenssl1_1-hmac-1.1.1d-2.116.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-2.116.1.i586",
"product": {
"name": "openssl-1_1-1.1.1d-2.116.1.i586",
"product_id": "openssl-1_1-1.1.1d-2.116.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1_1-doc-1.1.1d-2.116.1.noarch",
"product": {
"name": "openssl-1_1-doc-1.1.1d-2.116.1.noarch",
"product_id": "openssl-1_1-doc-1.1.1d-2.116.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.ppc64le",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.ppc64le",
"product_id": "libopenssl-1_1-devel-1.1.1d-2.116.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-2.116.1.ppc64le",
"product": {
"name": "libopenssl1_1-1.1.1d-2.116.1.ppc64le",
"product_id": "libopenssl1_1-1.1.1d-2.116.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.ppc64le",
"product": {
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.ppc64le",
"product_id": "libopenssl1_1-hmac-1.1.1d-2.116.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-2.116.1.ppc64le",
"product": {
"name": "openssl-1_1-1.1.1d-2.116.1.ppc64le",
"product_id": "openssl-1_1-1.1.1d-2.116.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.s390",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.s390",
"product_id": "libopenssl-1_1-devel-1.1.1d-2.116.1.s390"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-2.116.1.s390",
"product": {
"name": "libopenssl1_1-1.1.1d-2.116.1.s390",
"product_id": "libopenssl1_1-1.1.1d-2.116.1.s390"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.s390",
"product": {
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.s390",
"product_id": "libopenssl1_1-hmac-1.1.1d-2.116.1.s390"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-2.116.1.s390",
"product": {
"name": "openssl-1_1-1.1.1d-2.116.1.s390",
"product_id": "openssl-1_1-1.1.1d-2.116.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.s390x",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.s390x",
"product_id": "libopenssl-1_1-devel-1.1.1d-2.116.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.s390x",
"product": {
"name": "libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.s390x",
"product_id": "libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-2.116.1.s390x",
"product": {
"name": "libopenssl1_1-1.1.1d-2.116.1.s390x",
"product_id": "libopenssl1_1-1.1.1d-2.116.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-32bit-1.1.1d-2.116.1.s390x",
"product": {
"name": "libopenssl1_1-32bit-1.1.1d-2.116.1.s390x",
"product_id": "libopenssl1_1-32bit-1.1.1d-2.116.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.s390x",
"product": {
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.s390x",
"product_id": "libopenssl1_1-hmac-1.1.1d-2.116.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.s390x",
"product": {
"name": "libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.s390x",
"product_id": "libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-2.116.1.s390x",
"product": {
"name": "openssl-1_1-1.1.1d-2.116.1.s390x",
"product_id": "openssl-1_1-1.1.1d-2.116.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.x86_64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.x86_64",
"product_id": "libopenssl-1_1-devel-1.1.1d-2.116.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.x86_64",
"product": {
"name": "libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.x86_64",
"product_id": "libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-2.116.1.x86_64",
"product": {
"name": "libopenssl1_1-1.1.1d-2.116.1.x86_64",
"product_id": "libopenssl1_1-1.1.1d-2.116.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-32bit-1.1.1d-2.116.1.x86_64",
"product": {
"name": "libopenssl1_1-32bit-1.1.1d-2.116.1.x86_64",
"product_id": "libopenssl1_1-32bit-1.1.1d-2.116.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.x86_64",
"product": {
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.x86_64",
"product_id": "libopenssl1_1-hmac-1.1.1d-2.116.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.x86_64",
"product": {
"name": "libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.x86_64",
"product_id": "libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-2.116.1.x86_64",
"product": {
"name": "openssl-1_1-1.1.1d-2.116.1.x86_64",
"product_id": "openssl-1_1-1.1.1d-2.116.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-1.1.1d-2.116.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-2.116.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-1.1.1d-2.116.1.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-2.116.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-1.1.1d-2.116.1.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-2.116.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-1.1.1d-2.116.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-2.116.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.s390x"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.116.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.116.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1d-2.116.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.116.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.116.1.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1d-2.116.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.116.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.116.1.s390x"
},
"product_reference": "libopenssl1_1-1.1.1d-2.116.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.116.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.116.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-2.116.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-2.116.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.116.1.s390x"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-2.116.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-2.116.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.116.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-2.116.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.116.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-2.116.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.116.1.ppc64le"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-2.116.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.116.1.s390x"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-2.116.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.116.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-2.116.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.s390x"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.116.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.116.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1d-2.116.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.116.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.116.1.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1d-2.116.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.116.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.116.1.s390x"
},
"product_reference": "openssl-1_1-1.1.1d-2.116.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.116.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.116.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-2.116.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-2.116.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl-1_1-devel-1.1.1d-2.116.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-2.116.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.116.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-1.1.1d-2.116.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-2.116.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-2.116.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-32bit-1.1.1d-2.116.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-2.116.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-2.116.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-1.1.1d-2.116.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-2.116.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.116.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssl-1_1-1.1.1d-2.116.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-2.116.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13176"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-1.1.1d-2.116.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-1.1.1d-2.116.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.116.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.116.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.116.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.116.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.116.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.116.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl-1_1-devel-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssl-1_1-1.1.1d-2.116.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13176",
"url": "https://www.suse.com/security/cve/CVE-2024-13176"
},
{
"category": "external",
"summary": "SUSE Bug 1236136 for CVE-2024-13176",
"url": "https://bugzilla.suse.com/1236136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-1.1.1d-2.116.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-1.1.1d-2.116.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.116.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.116.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.116.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.116.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.116.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.116.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl-1_1-devel-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssl-1_1-1.1.1d-2.116.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-1.1.1d-2.116.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-1.1.1d-2.116.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.116.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.116.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.116.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.116.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.116.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.116.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.116.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl-1_1-devel-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-32bit-1.1.1d-2.116.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssl-1_1-1.1.1d-2.116.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-10T07:33:48Z",
"details": "moderate"
}
],
"title": "CVE-2024-13176"
}
]
}
suse-su-2025:0613-1
Vulnerability from csaf_suse
Published
2025-02-21 10:37
Modified
2025-02-21 10:37
Summary
Security update for openssl-1_1
Notes
Title of the patch
Security update for openssl-1_1
Description of the patch
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136).
Other bugfixes:
- Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).
Patchnames
SUSE-2025-613,SUSE-SLE-Module-Basesystem-15-SP6-2025-613,SUSE-SLE-Module-Development-Tools-15-SP6-2025-613,SUSE-SLE-Module-Legacy-15-SP6-2025-613,openSUSE-SLE-15.6-2025-613
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_1 fixes the following issues:\n\n- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136).\n\nOther bugfixes:\n\n- Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-613,SUSE-SLE-Module-Basesystem-15-SP6-2025-613,SUSE-SLE-Module-Development-Tools-15-SP6-2025-613,SUSE-SLE-Module-Legacy-15-SP6-2025-613,openSUSE-SLE-15.6-2025-613",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0613-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0613-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250613-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0613-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020395.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236136",
"url": "https://bugzilla.suse.com/1236136"
},
{
"category": "self",
"summary": "SUSE Bug 1236771",
"url": "https://bugzilla.suse.com/1236771"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13176/"
}
],
"title": "Security update for openssl-1_1",
"tracking": {
"current_release_date": "2025-02-21T10:37:55Z",
"generator": {
"date": "2025-02-21T10:37:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0613-1",
"initial_release_date": "2025-02-21T10:37:55Z",
"revision_history": [
{
"date": "2025-02-21T10:37:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"product_id": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"product": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"product_id": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"product": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"product_id": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32",
"product": {
"name": "libopenssl-1_1-devel-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32",
"product_id": "libopenssl-1_1-devel-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32",
"product": {
"name": "libopenssl1_1-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32",
"product_id": "libopenssl1_1-64bit-1.1.1w-150600.5.12.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.i586",
"product": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.i586",
"product_id": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.i586",
"product": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.i586",
"product_id": "libopenssl1_1-1.1.1w-150600.5.12.2.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1w-150600.5.12.2.i586",
"product": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.i586",
"product_id": "openssl-1_1-1.1.1w-150600.5.12.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1_1-doc-1.1.1w-150600.5.12.2.noarch",
"product": {
"name": "openssl-1_1-doc-1.1.1w-150600.5.12.2.noarch",
"product_id": "openssl-1_1-doc-1.1.1w-150600.5.12.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"product": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"product_id": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"product": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"product_id": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"product": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"product_id": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"product": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"product_id": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"product": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"product_id": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"product": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"product_id": "openssl-1_1-1.1.1w-150600.5.12.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"product_id": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"product": {
"name": "libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"product_id": "libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"product": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"product_id": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"product": {
"name": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"product_id": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64",
"product": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64",
"product_id": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Legacy 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-legacy:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-1.1.1w-150600.5.12.2.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-1.1.1w-150600.5.12.2.s390x"
},
"product_reference": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64 as component of SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP6:openssl-1_1-1.1.1w-150600.5.12.2.aarch64"
},
"product_reference": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP6:openssl-1_1-1.1.1w-150600.5.12.2.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.s390x as component of SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP6:openssl-1_1-1.1.1w-150600.5.12.2.s390x"
},
"product_reference": "openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP6:openssl-1_1-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl1_1-1.1.1w-150600.5.12.2.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl1_1-1.1.1w-150600.5.12.2.s390x"
},
"product_reference": "libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl1_1-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openssl-1_1-1.1.1w-150600.5.12.2.aarch64"
},
"product_reference": "openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openssl-1_1-1.1.1w-150600.5.12.2.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openssl-1_1-1.1.1w-150600.5.12.2.s390x"
},
"product_reference": "openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openssl-1_1-1.1.1w-150600.5.12.2.x86_64"
},
"product_reference": "openssl-1_1-1.1.1w-150600.5.12.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-doc-1.1.1w-150600.5.12.2.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openssl-1_1-doc-1.1.1w-150600.5.12.2.noarch"
},
"product_reference": "openssl-1_1-doc-1.1.1w-150600.5.12.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13176"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:openssl-1_1-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"openSUSE Leap 15.6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"openSUSE Leap 15.6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"openSUSE Leap 15.6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"openSUSE Leap 15.6:libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"openSUSE Leap 15.6:libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"openSUSE Leap 15.6:libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"openSUSE Leap 15.6:openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"openSUSE Leap 15.6:openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"openSUSE Leap 15.6:openssl-1_1-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:openssl-1_1-doc-1.1.1w-150600.5.12.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13176",
"url": "https://www.suse.com/security/cve/CVE-2024-13176"
},
{
"category": "external",
"summary": "SUSE Bug 1236136 for CVE-2024-13176",
"url": "https://bugzilla.suse.com/1236136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:openssl-1_1-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"openSUSE Leap 15.6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"openSUSE Leap 15.6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"openSUSE Leap 15.6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"openSUSE Leap 15.6:libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"openSUSE Leap 15.6:libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"openSUSE Leap 15.6:libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"openSUSE Leap 15.6:openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"openSUSE Leap 15.6:openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"openSUSE Leap 15.6:openssl-1_1-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:openssl-1_1-doc-1.1.1w-150600.5.12.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:openssl-1_1-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.aarch64",
"openSUSE Leap 15.6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.ppc64le",
"openSUSE Leap 15.6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.s390x",
"openSUSE Leap 15.6:libopenssl-1_1-devel-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:libopenssl1_1-1.1.1w-150600.5.12.2.aarch64",
"openSUSE Leap 15.6:libopenssl1_1-1.1.1w-150600.5.12.2.ppc64le",
"openSUSE Leap 15.6:libopenssl1_1-1.1.1w-150600.5.12.2.s390x",
"openSUSE Leap 15.6:libopenssl1_1-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:libopenssl1_1-32bit-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:openssl-1_1-1.1.1w-150600.5.12.2.aarch64",
"openSUSE Leap 15.6:openssl-1_1-1.1.1w-150600.5.12.2.ppc64le",
"openSUSE Leap 15.6:openssl-1_1-1.1.1w-150600.5.12.2.s390x",
"openSUSE Leap 15.6:openssl-1_1-1.1.1w-150600.5.12.2.x86_64",
"openSUSE Leap 15.6:openssl-1_1-doc-1.1.1w-150600.5.12.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-21T10:37:55Z",
"details": "moderate"
}
],
"title": "CVE-2024-13176"
}
]
}
suse-su-2025:0387-1
Vulnerability from csaf_suse
Published
2025-02-07 17:16
Modified
2025-02-07 17:16
Summary
Security update for openssl-3
Notes
Title of the patch
Security update for openssl-3
Description of the patch
This update for openssl-3 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
Patchnames
SUSE-2025-387,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-387,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-387,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-387,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-387
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3 fixes the following issues:\n\n- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-387,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-387,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-387,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-387,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-387",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0387-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0387-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250387-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0387-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020290.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236136",
"url": "https://bugzilla.suse.com/1236136"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13176/"
}
],
"title": "Security update for openssl-3",
"tracking": {
"current_release_date": "2025-02-07T17:16:21Z",
"generator": {
"date": "2025-02-07T17:16:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0387-1",
"initial_release_date": "2025-02-07T17:16:21Z",
"revision_history": [
{
"date": "2025-02-07T17:16:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64",
"product_id": "libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150500.5.51.1.aarch64",
"product": {
"name": "libopenssl3-3.0.8-150500.5.51.1.aarch64",
"product_id": "libopenssl3-3.0.8-150500.5.51.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150500.5.51.1.aarch64",
"product": {
"name": "openssl-3-3.0.8-150500.5.51.1.aarch64",
"product_id": "openssl-3-3.0.8-150500.5.51.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-64bit-3.0.8-150500.5.51.1.aarch64_ilp32",
"product": {
"name": "libopenssl-3-devel-64bit-3.0.8-150500.5.51.1.aarch64_ilp32",
"product_id": "libopenssl-3-devel-64bit-3.0.8-150500.5.51.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl3-64bit-3.0.8-150500.5.51.1.aarch64_ilp32",
"product": {
"name": "libopenssl3-64bit-3.0.8-150500.5.51.1.aarch64_ilp32",
"product_id": "libopenssl3-64bit-3.0.8-150500.5.51.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.i586",
"product": {
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.i586",
"product_id": "libopenssl-3-devel-3.0.8-150500.5.51.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150500.5.51.1.i586",
"product": {
"name": "libopenssl3-3.0.8-150500.5.51.1.i586",
"product_id": "libopenssl3-3.0.8-150500.5.51.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150500.5.51.1.i586",
"product": {
"name": "openssl-3-3.0.8-150500.5.51.1.i586",
"product_id": "openssl-3-3.0.8-150500.5.51.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-3-doc-3.0.8-150500.5.51.1.noarch",
"product": {
"name": "openssl-3-doc-3.0.8-150500.5.51.1.noarch",
"product_id": "openssl-3-doc-3.0.8-150500.5.51.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.ppc64le",
"product_id": "libopenssl-3-devel-3.0.8-150500.5.51.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150500.5.51.1.ppc64le",
"product": {
"name": "libopenssl3-3.0.8-150500.5.51.1.ppc64le",
"product_id": "libopenssl3-3.0.8-150500.5.51.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150500.5.51.1.ppc64le",
"product": {
"name": "openssl-3-3.0.8-150500.5.51.1.ppc64le",
"product_id": "openssl-3-3.0.8-150500.5.51.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.s390x",
"product_id": "libopenssl-3-devel-3.0.8-150500.5.51.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150500.5.51.1.s390x",
"product": {
"name": "libopenssl3-3.0.8-150500.5.51.1.s390x",
"product_id": "libopenssl3-3.0.8-150500.5.51.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150500.5.51.1.s390x",
"product": {
"name": "openssl-3-3.0.8-150500.5.51.1.s390x",
"product_id": "openssl-3-3.0.8-150500.5.51.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"product_id": "libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.0.8-150500.5.51.1.x86_64",
"product": {
"name": "libopenssl-3-devel-32bit-3.0.8-150500.5.51.1.x86_64",
"product_id": "libopenssl-3-devel-32bit-3.0.8-150500.5.51.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150500.5.51.1.x86_64",
"product": {
"name": "libopenssl3-3.0.8-150500.5.51.1.x86_64",
"product_id": "libopenssl3-3.0.8-150500.5.51.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.0.8-150500.5.51.1.x86_64",
"product": {
"name": "libopenssl3-32bit-3.0.8-150500.5.51.1.x86_64",
"product_id": "libopenssl3-32bit-3.0.8-150500.5.51.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150500.5.51.1.x86_64",
"product": {
"name": "openssl-3-3.0.8-150500.5.51.1.x86_64",
"product_id": "openssl-3-3.0.8-150500.5.51.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.51.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.51.1.aarch64"
},
"product_reference": "libopenssl3-3.0.8-150500.5.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.51.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.51.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150500.5.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.51.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.51.1.aarch64"
},
"product_reference": "openssl-3-3.0.8-150500.5.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.51.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.51.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150500.5.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.51.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.aarch64"
},
"product_reference": "libopenssl3-3.0.8-150500.5.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.51.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150500.5.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.51.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.aarch64"
},
"product_reference": "openssl-3-3.0.8-150500.5.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.51.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150500.5.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.51.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.aarch64"
},
"product_reference": "libopenssl3-3.0.8-150500.5.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.51.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.ppc64le"
},
"product_reference": "libopenssl3-3.0.8-150500.5.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.51.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.s390x"
},
"product_reference": "libopenssl3-3.0.8-150500.5.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.51.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150500.5.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.51.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.aarch64"
},
"product_reference": "openssl-3-3.0.8-150500.5.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.51.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.ppc64le"
},
"product_reference": "openssl-3-3.0.8-150500.5.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.51.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.s390x"
},
"product_reference": "openssl-3-3.0.8-150500.5.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.51.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150500.5.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.51.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.51.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.51.1.ppc64le"
},
"product_reference": "libopenssl3-3.0.8-150500.5.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.51.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150500.5.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.51.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.51.1.ppc64le"
},
"product_reference": "openssl-3-3.0.8-150500.5.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.51.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150500.5.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13176"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.51.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13176",
"url": "https://www.suse.com/security/cve/CVE-2024-13176"
},
{
"category": "external",
"summary": "SUSE Bug 1236136 for CVE-2024-13176",
"url": "https://bugzilla.suse.com/1236136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.51.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.51.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-07T17:16:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-13176"
}
]
}
suse-su-2025:20233-1
Vulnerability from csaf_suse
Published
2025-03-07 16:28
Modified
2025-03-07 16:28
Summary
Security update for openssl-3
Notes
Title of the patch
Security update for openssl-3
Description of the patch
This update for openssl-3 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation(bsc#1236136).
Patchnames
SUSE-SLE-Micro-6.1-31
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3 fixes the following issues:\n\n- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation(bsc#1236136).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-31",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20233-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20233-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520233-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20233-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021088.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236136",
"url": "https://bugzilla.suse.com/1236136"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13176/"
}
],
"title": "Security update for openssl-3",
"tracking": {
"current_release_date": "2025-03-07T16:28:37Z",
"generator": {
"date": "2025-03-07T16:28:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20233-1",
"initial_release_date": "2025-03-07T16:28:37Z",
"revision_history": [
{
"date": "2025-03-07T16:28:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_4.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_4.1.aarch64",
"product_id": "libopenssl-3-devel-3.1.4-slfo.1.1_4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.aarch64",
"product_id": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-slfo.1.1_4.1.aarch64",
"product": {
"name": "libopenssl3-3.1.4-slfo.1.1_4.1.aarch64",
"product_id": "libopenssl3-3.1.4-slfo.1.1_4.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-slfo.1.1_4.1.aarch64",
"product": {
"name": "openssl-3-3.1.4-slfo.1.1_4.1.aarch64",
"product_id": "openssl-3-3.1.4-slfo.1.1_4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_4.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_4.1.s390x",
"product_id": "libopenssl-3-devel-3.1.4-slfo.1.1_4.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.s390x",
"product_id": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-slfo.1.1_4.1.s390x",
"product": {
"name": "libopenssl3-3.1.4-slfo.1.1_4.1.s390x",
"product_id": "libopenssl3-3.1.4-slfo.1.1_4.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-slfo.1.1_4.1.s390x",
"product": {
"name": "openssl-3-3.1.4-slfo.1.1_4.1.s390x",
"product_id": "openssl-3-3.1.4-slfo.1.1_4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_4.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_4.1.x86_64",
"product_id": "libopenssl-3-devel-3.1.4-slfo.1.1_4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.x86_64",
"product_id": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-slfo.1.1_4.1.x86_64",
"product": {
"name": "libopenssl3-3.1.4-slfo.1.1_4.1.x86_64",
"product_id": "libopenssl3-3.1.4-slfo.1.1_4.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-slfo.1.1_4.1.x86_64",
"product": {
"name": "openssl-3-3.1.4-slfo.1.1_4.1.x86_64",
"product_id": "openssl-3-3.1.4-slfo.1.1_4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_4.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_4.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.1.4-slfo.1.1_4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_4.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_4.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.1.4-slfo.1.1_4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_4.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_4.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.1.4-slfo.1.1_4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-slfo.1.1_4.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_4.1.aarch64"
},
"product_reference": "libopenssl3-3.1.4-slfo.1.1_4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-slfo.1.1_4.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_4.1.s390x"
},
"product_reference": "libopenssl3-3.1.4-slfo.1.1_4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-slfo.1.1_4.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_4.1.x86_64"
},
"product_reference": "libopenssl3-3.1.4-slfo.1.1_4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-slfo.1.1_4.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_4.1.aarch64"
},
"product_reference": "openssl-3-3.1.4-slfo.1.1_4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-slfo.1.1_4.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_4.1.s390x"
},
"product_reference": "openssl-3-3.1.4-slfo.1.1_4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-slfo.1.1_4.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_4.1.x86_64"
},
"product_reference": "openssl-3-3.1.4-slfo.1.1_4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13176"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13176",
"url": "https://www.suse.com/security/cve/CVE-2024-13176"
},
{
"category": "external",
"summary": "SUSE Bug 1236136 for CVE-2024-13176",
"url": "https://bugzilla.suse.com/1236136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-07T16:28:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-13176"
}
]
}
suse-su-2025:0430-1
Vulnerability from csaf_suse
Published
2025-02-11 14:13
Modified
2025-02-11 14:13
Summary
Security update for openssl-3
Notes
Title of the patch
Security update for openssl-3
Description of the patch
This update for openssl-3 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
Patchnames
SUSE-2025-430,SUSE-SLE-Module-Basesystem-15-SP6-2025-430,openSUSE-SLE-15.6-2025-430
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3 fixes the following issues:\n\n- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-430,SUSE-SLE-Module-Basesystem-15-SP6-2025-430,openSUSE-SLE-15.6-2025-430",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0430-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0430-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250430-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0430-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020316.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236136",
"url": "https://bugzilla.suse.com/1236136"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13176/"
}
],
"title": "Security update for openssl-3",
"tracking": {
"current_release_date": "2025-02-11T14:13:33Z",
"generator": {
"date": "2025-02-11T14:13:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0430-1",
"initial_release_date": "2025-02-11T14:13:33Z",
"revision_history": [
{
"date": "2025-02-11T14:13:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.aarch64",
"product_id": "libopenssl-3-devel-3.1.4-150600.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.aarch64",
"product_id": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-150600.5.24.1.aarch64",
"product": {
"name": "libopenssl3-3.1.4-150600.5.24.1.aarch64",
"product_id": "libopenssl3-3.1.4-150600.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-150600.5.24.1.aarch64",
"product": {
"name": "openssl-3-3.1.4-150600.5.24.1.aarch64",
"product_id": "openssl-3-3.1.4-150600.5.24.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-64bit-3.1.4-150600.5.24.1.aarch64_ilp32",
"product": {
"name": "libopenssl-3-devel-64bit-3.1.4-150600.5.24.1.aarch64_ilp32",
"product_id": "libopenssl-3-devel-64bit-3.1.4-150600.5.24.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-64bit-3.1.4-150600.5.24.1.aarch64_ilp32",
"product": {
"name": "libopenssl-3-fips-provider-64bit-3.1.4-150600.5.24.1.aarch64_ilp32",
"product_id": "libopenssl-3-fips-provider-64bit-3.1.4-150600.5.24.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl3-64bit-3.1.4-150600.5.24.1.aarch64_ilp32",
"product": {
"name": "libopenssl3-64bit-3.1.4-150600.5.24.1.aarch64_ilp32",
"product_id": "libopenssl3-64bit-3.1.4-150600.5.24.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.i586",
"product": {
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.i586",
"product_id": "libopenssl-3-devel-3.1.4-150600.5.24.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.i586",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.i586",
"product_id": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-150600.5.24.1.i586",
"product": {
"name": "libopenssl3-3.1.4-150600.5.24.1.i586",
"product_id": "libopenssl3-3.1.4-150600.5.24.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-150600.5.24.1.i586",
"product": {
"name": "openssl-3-3.1.4-150600.5.24.1.i586",
"product_id": "openssl-3-3.1.4-150600.5.24.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-3-doc-3.1.4-150600.5.24.1.noarch",
"product": {
"name": "openssl-3-doc-3.1.4-150600.5.24.1.noarch",
"product_id": "openssl-3-doc-3.1.4-150600.5.24.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.ppc64le",
"product_id": "libopenssl-3-devel-3.1.4-150600.5.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.ppc64le",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.ppc64le",
"product_id": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-150600.5.24.1.ppc64le",
"product": {
"name": "libopenssl3-3.1.4-150600.5.24.1.ppc64le",
"product_id": "libopenssl3-3.1.4-150600.5.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-150600.5.24.1.ppc64le",
"product": {
"name": "openssl-3-3.1.4-150600.5.24.1.ppc64le",
"product_id": "openssl-3-3.1.4-150600.5.24.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.s390x",
"product_id": "libopenssl-3-devel-3.1.4-150600.5.24.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.s390x",
"product_id": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-150600.5.24.1.s390x",
"product": {
"name": "libopenssl3-3.1.4-150600.5.24.1.s390x",
"product_id": "libopenssl3-3.1.4-150600.5.24.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-150600.5.24.1.s390x",
"product": {
"name": "openssl-3-3.1.4-150600.5.24.1.s390x",
"product_id": "openssl-3-3.1.4-150600.5.24.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.x86_64",
"product_id": "libopenssl-3-devel-3.1.4-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.1.4-150600.5.24.1.x86_64",
"product": {
"name": "libopenssl-3-devel-32bit-3.1.4-150600.5.24.1.x86_64",
"product_id": "libopenssl-3-devel-32bit-3.1.4-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.x86_64",
"product_id": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1.x86_64",
"product_id": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-150600.5.24.1.x86_64",
"product": {
"name": "libopenssl3-3.1.4-150600.5.24.1.x86_64",
"product_id": "libopenssl3-3.1.4-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.1.4-150600.5.24.1.x86_64",
"product": {
"name": "libopenssl3-32bit-3.1.4-150600.5.24.1.x86_64",
"product_id": "libopenssl3-32bit-3.1.4-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-150600.5.24.1.x86_64",
"product": {
"name": "openssl-3-3.1.4-150600.5.24.1.x86_64",
"product_id": "openssl-3-3.1.4-150600.5.24.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.24.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.24.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.24.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.24.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.24.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.24.1.aarch64"
},
"product_reference": "libopenssl3-3.1.4-150600.5.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.24.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.24.1.ppc64le"
},
"product_reference": "libopenssl3-3.1.4-150600.5.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.24.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.24.1.s390x"
},
"product_reference": "libopenssl3-3.1.4-150600.5.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.24.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.24.1.x86_64"
},
"product_reference": "libopenssl3-3.1.4-150600.5.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.1.4-150600.5.24.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-32bit-3.1.4-150600.5.24.1.x86_64"
},
"product_reference": "libopenssl3-32bit-3.1.4-150600.5.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.24.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.24.1.aarch64"
},
"product_reference": "openssl-3-3.1.4-150600.5.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.24.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.24.1.ppc64le"
},
"product_reference": "openssl-3-3.1.4-150600.5.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.24.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.24.1.s390x"
},
"product_reference": "openssl-3-3.1.4-150600.5.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.24.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.24.1.x86_64"
},
"product_reference": "openssl-3-3.1.4-150600.5.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.24.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.24.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.24.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.24.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.24.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.24.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.24.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.1.4-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.24.1.x86_64"
},
"product_reference": "libopenssl-3-devel-32bit-3.1.4-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.24.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.24.1.aarch64"
},
"product_reference": "libopenssl3-3.1.4-150600.5.24.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.24.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.24.1.ppc64le"
},
"product_reference": "libopenssl3-3.1.4-150600.5.24.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.24.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.24.1.s390x"
},
"product_reference": "libopenssl3-3.1.4-150600.5.24.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.24.1.x86_64"
},
"product_reference": "libopenssl3-3.1.4-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.1.4-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.24.1.x86_64"
},
"product_reference": "libopenssl3-32bit-3.1.4-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.24.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.24.1.aarch64"
},
"product_reference": "openssl-3-3.1.4-150600.5.24.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.24.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.24.1.ppc64le"
},
"product_reference": "openssl-3-3.1.4-150600.5.24.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.24.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.24.1.s390x"
},
"product_reference": "openssl-3-3.1.4-150600.5.24.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.24.1.x86_64"
},
"product_reference": "openssl-3-3.1.4-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.1.4-150600.5.24.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.24.1.noarch"
},
"product_reference": "openssl-3-doc-3.1.4-150600.5.24.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13176"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-32bit-3.1.4-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.24.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.24.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.24.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.24.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.24.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.24.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13176",
"url": "https://www.suse.com/security/cve/CVE-2024-13176"
},
{
"category": "external",
"summary": "SUSE Bug 1236136 for CVE-2024-13176",
"url": "https://bugzilla.suse.com/1236136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-32bit-3.1.4-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.24.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.24.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.24.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.24.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.24.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.24.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-32bit-3.1.4-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.24.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.24.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.24.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.24.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.24.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.24.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-11T14:13:33Z",
"details": "moderate"
}
],
"title": "CVE-2024-13176"
}
]
}
wid-sec-w-2025-0131
Vulnerability from csaf_certbund
Published
2025-01-20 23:00
Modified
2025-07-23 22:00
Summary
OpenSSL: Schwachstelle ermöglicht Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0131 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0131.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0131 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0131"
},
{
"category": "external",
"summary": "OpenSSLVulnerabilities vom 2025-01-20",
"url": "https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176"
},
{
"category": "external",
"summary": "Red Hat Bugtracker vom 2025-01-20",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338999"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20250124-0005 vom 2025-01-24",
"url": "https://security.netapp.com/advisory/ntap-20250124-0005/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14696-1 vom 2025-01-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2SJWUM3ZDQ76XIG2YCDVO2XQE6VZ5SCY/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0345-1 vom 2025-02-04",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/7BHBUB64JRAERNEYUDSEV3LTRHHZLUND/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0345-1 vom 2025-02-04",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7BHBUB64JRAERNEYUDSEV3LTRHHZLUND/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2750 vom 2025-02-04",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2750.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0349-1 vom 2025-02-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020286.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0356-1 vom 2025-02-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020282.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0387-1 vom 2025-02-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020290.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0388-1 vom 2025-02-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020289.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0390-1 vom 2025-02-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020296.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0430-1 vom 2025-02-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020316.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7264-1 vom 2025-02-11",
"url": "https://ubuntu.com/security/notices/USN-7264-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7278-1 vom 2025-02-20",
"url": "https://ubuntu.com/security/notices/USN-7278-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0613-1 vom 2025-02-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020395.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7184055 vom 2025-02-24",
"url": "https://www.ibm.com/support/pages/node/7184055"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASOPENSSL-SNAPSAFE-2025-007 vom 2025-03-06",
"url": "https://alas.aws.amazon.com/AL2/ALASOPENSSL-SNAPSAFE-2025-007.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2781 vom 2025-03-07",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2781.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2780 vom 2025-03-07",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2780.html"
},
{
"category": "external",
"summary": "FreeBSD Advisory",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-25:07.openssl.asc"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0613-2 vom 2025-05-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020810.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0613-3 vom 2025-05-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020832.html"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2025-10 vom 2025-05-22",
"url": "https://de.tenable.com/security/tns-2025-10"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-011 vom 2025-05-23",
"url": "https://security.business.xerox.com/wp-content/uploads/2025/05/Xerox-Security-Bulletin-XRX25-011-for-Xerox-FreeFlow-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-010 vom 2025-05-23",
"url": "https://security.business.xerox.com/wp-content/uploads/2025/05/Xerox-Security-Bulletin-XRX25-010-for-Xerox-FreeFlow-Print-Server-v7.pdf"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4176 vom 2025-05-26",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-213 vom 2025-05-30",
"url": "https://www.dell.com/support/kbdoc/de-de/000326299/dsa-2025-213-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-multiple-third-party-vulnerabilities"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-012 vom 2025-06-02",
"url": "https://security.business.xerox.com/wp-content/uploads/2025/06/Xerox-Security-Bulletin-XRX25-012-for-Xerox-FreeFlow-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20233-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021088.html"
},
{
"category": "external",
"summary": "Insyde Security Advisory INSYDE-SA-2025001 vom 2025-06-10",
"url": "https://www.insyde.com/security-pledge/sa-2025001/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7234017 vom 2025-06-10",
"url": "https://www.ibm.com/support/pages/node/7234017"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7236344 vom 2025-06-11",
"url": "https://www.ibm.com/support/pages/node/7236344"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20406-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021553.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02042-1 vom 2025-06-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021599.html"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2025-0710 vom 2025-07-07",
"url": "https://advisory.splunk.com//advisories/SVD-2025-0710"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-203 vom 2025-07-08",
"url": "https://www.dell.com/support/kbdoc/de-de/000318839/dsa-2025-203"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20464-1 vom 2025-07-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021780.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-289 vom 2025-07-17",
"url": "https://www.dell.com/support/kbdoc/000345850"
},
{
"category": "external",
"summary": "SolarWinds Platform 2025.2.1 release notes vom 2025-07-24",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-2-1_release_notes.htm"
}
],
"source_lang": "en-US",
"title": "OpenSSL: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
"tracking": {
"current_release_date": "2025-07-23T22:00:00.000+00:00",
"generator": {
"date": "2025-07-24T07:52:24.114+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0131",
"initial_release_date": "2025-01-20T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-01-20T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-01-26T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von NetApp und openSUSE aufgenommen"
},
{
"date": "2025-02-03T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-04T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-02-06T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-09T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-11T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2025-02-20T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-02-23T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-24T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-03-06T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-03-09T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-04-10T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von FreeBSD aufgenommen"
},
{
"date": "2025-05-08T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-05-15T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-05-22T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Tenable und XEROX aufgenommen"
},
{
"date": "2025-05-26T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-10T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Insyde und IBM aufgenommen"
},
{
"date": "2025-06-11T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-06-17T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-22T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-07T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2025-07-08T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-07-09T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-16T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-07-23T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "29"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell Avamar",
"product": {
"name": "Dell Avamar",
"product_id": "T039664",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:-"
}
}
},
{
"category": "product_name",
"name": "Dell Computer",
"product": {
"name": "Dell Computer",
"product_id": "T036868",
"product_identification_helper": {
"cpe": "cpe:/o:dell:dell_computer:-"
}
}
},
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T034583",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "T40",
"product": {
"name": "Dell PowerEdge T40",
"product_id": "T027537",
"product_identification_helper": {
"cpe": "cpe:/h:dell:poweredge:t40"
}
}
}
],
"category": "product_name",
"name": "PowerEdge"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c14.2-STABLE",
"product": {
"name": "FreeBSD Project FreeBSD OS \u003c14.2-STABLE",
"product_id": "T040689"
}
},
{
"category": "product_version",
"name": "14.2-STABLE",
"product": {
"name": "FreeBSD Project FreeBSD OS 14.2-STABLE",
"product_id": "T040689-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:14.2-stable"
}
}
},
{
"category": "product_version_range",
"name": "\u003c14.2-RELEASE-p3",
"product": {
"name": "FreeBSD Project FreeBSD OS \u003c14.2-RELEASE-p3",
"product_id": "T042746"
}
},
{
"category": "product_version",
"name": "14.2-RELEASE-p3",
"product": {
"name": "FreeBSD Project FreeBSD OS 14.2-RELEASE-p3",
"product_id": "T042746-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:14.2-release-p3"
}
}
}
],
"category": "product_name",
"name": "FreeBSD OS"
}
],
"category": "vendor",
"name": "FreeBSD Project"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "IBM AIX 7.3",
"product_id": "1139691",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.3"
}
}
},
{
"category": "product_version",
"name": "7.2",
"product": {
"name": "IBM AIX 7.2",
"product_id": "434967",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.2"
}
}
}
],
"category": "product_name",
"name": "AIX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.5.0.17",
"product": {
"name": "IBM DataPower Gateway \u003c10.5.0.17",
"product_id": "T043377"
}
},
{
"category": "product_version",
"name": "10.5.0.17",
"product": {
"name": "IBM DataPower Gateway 10.5.0.17",
"product_id": "T043377-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.5.0.17"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.6.0.5",
"product": {
"name": "IBM DataPower Gateway \u003c10.6.0.5",
"product_id": "T043378"
}
},
{
"category": "product_version",
"name": "10.6.0.5",
"product": {
"name": "IBM DataPower Gateway 10.6.0.5",
"product_id": "T043378-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.6.0.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.6.4.0",
"product": {
"name": "IBM DataPower Gateway \u003c10.6.4.0",
"product_id": "T044528"
}
},
{
"category": "product_version",
"name": "10.6.4.0",
"product": {
"name": "IBM DataPower Gateway 10.6.4.0",
"product_id": "T044528-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.6.4.0"
}
}
}
],
"category": "product_name",
"name": "DataPower Gateway"
},
{
"branches": [
{
"category": "product_version",
"name": "OP940.00-OP940.73",
"product": {
"name": "IBM Power Hardware Management Console OP940.00-OP940.73",
"product_id": "T044502",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:hardware_management_console:op940.00_-_op940.73"
}
}
}
],
"category": "product_name",
"name": "Power Hardware Management Console"
},
{
"branches": [
{
"category": "product_version",
"name": "3.1",
"product": {
"name": "IBM VIOS 3.1",
"product_id": "1039165",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:3.1"
}
}
},
{
"category": "product_version",
"name": "4.1",
"product": {
"name": "IBM VIOS 4.1",
"product_id": "1522854",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:4.1"
}
}
}
],
"category": "product_name",
"name": "VIOS"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Kernel",
"product": {
"name": "Insyde UEFI Firmware Kernel",
"product_id": "T034716",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:kernel"
}
}
}
],
"category": "product_name",
"name": "UEFI Firmware"
}
],
"category": "vendor",
"name": "Insyde"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T032260",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.2.4",
"product": {
"name": "Open Source OpenSSL \u003c3.2.4",
"product_id": "T038470"
}
},
{
"category": "product_version",
"name": "3.2.4",
"product": {
"name": "Open Source OpenSSL 3.2.4",
"product_id": "T038470-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.2.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.1.8",
"product": {
"name": "Open Source OpenSSL \u003c3.1.8",
"product_id": "T038471"
}
},
{
"category": "product_version",
"name": "3.1.8",
"product": {
"name": "Open Source OpenSSL 3.1.8",
"product_id": "T038471-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.1.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.0.16",
"product": {
"name": "Open Source OpenSSL \u003c3.0.16",
"product_id": "T038472"
}
},
{
"category": "product_version",
"name": "3.0.16",
"product": {
"name": "Open Source OpenSSL 3.0.16",
"product_id": "T038472-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.0.16"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.1.1zb",
"product": {
"name": "Open Source OpenSSL \u003c1.1.1zb",
"product_id": "T038473"
}
},
{
"category": "product_version",
"name": "1.1.1zb",
"product": {
"name": "Open Source OpenSSL 1.1.1zb",
"product_id": "T038473-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:1.1.1zb"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.0.2zl",
"product": {
"name": "Open Source OpenSSL \u003c1.0.2zl",
"product_id": "T038474"
}
},
{
"category": "product_version",
"name": "1.0.2zl",
"product": {
"name": "Open Source OpenSSL 1.0.2zl",
"product_id": "T038474-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:1.0.2zl"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.4.1",
"product": {
"name": "Open Source OpenSSL \u003c3.4.1",
"product_id": "T040414"
}
},
{
"category": "product_version",
"name": "3.4.1",
"product": {
"name": "Open Source OpenSSL 3.4.1",
"product_id": "T040414-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.4.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.3.3",
"product": {
"name": "Open Source OpenSSL \u003c3.3.3",
"product_id": "T040415"
}
},
{
"category": "product_version",
"name": "3.3.3",
"product": {
"name": "Open Source OpenSSL 3.3.3",
"product_id": "T040415-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.3.3"
}
}
}
],
"category": "product_name",
"name": "OpenSSL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2025.2.1",
"product": {
"name": "SolarWinds Platform \u003c2025.2.1",
"product_id": "T045629"
}
},
{
"category": "product_version",
"name": "2025.2.1",
"product": {
"name": "SolarWinds Platform 2025.2.1",
"product_id": "T045629-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:solarwinds:orion_platform:2025.2.1"
}
}
}
],
"category": "product_name",
"name": "Platform"
}
],
"category": "vendor",
"name": "SolarWinds"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.4.3",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.4.3",
"product_id": "T045086"
}
},
{
"category": "product_version",
"name": "9.4.3",
"product": {
"name": "Splunk Splunk Enterprise 9.4.3",
"product_id": "T045086-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.4.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.3.5",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.5",
"product_id": "T045087"
}
},
{
"category": "product_version",
"name": "9.3.5",
"product": {
"name": "Splunk Splunk Enterprise 9.3.5",
"product_id": "T045087-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.7",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.7",
"product_id": "T045088"
}
},
{
"category": "product_version",
"name": "9.2.7",
"product": {
"name": "Splunk Splunk Enterprise 9.2.7",
"product_id": "T045088-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.10",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.10",
"product_id": "T045089"
}
},
{
"category": "product_version",
"name": "9.1.10",
"product": {
"name": "Splunk Splunk Enterprise 9.1.10",
"product_id": "T045089-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.1.10"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.5.1",
"product": {
"name": "Tenable Security Nessus Network Monitor \u003c6.5.1",
"product_id": "T044107"
}
},
{
"category": "product_version",
"name": "6.5.1",
"product": {
"name": "Tenable Security Nessus Network Monitor 6.5.1",
"product_id": "T044107-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus_network_monitor:6.5.1"
}
}
}
],
"category": "product_name",
"name": "Nessus Network Monitor"
}
],
"category": "vendor",
"name": "Tenable Security"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7",
"product": {
"name": "Xerox FreeFlow Print Server 7",
"product_id": "T000872",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:7"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "Xerox FreeFlow Print Server 9",
"product_id": "T002977",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:9"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"product_status": {
"known_affected": [
"T036868",
"T034583",
"T002977",
"T032260",
"1139691",
"T027537",
"T000872",
"T040414",
"T045086",
"398363",
"T045088",
"T045087",
"T045089",
"T034716",
"434967",
"T040415",
"1039165",
"1522854",
"T045629",
"T038474",
"T039664",
"T038470",
"T043377",
"T038471",
"T043378",
"T044502",
"T038472",
"T038473",
"2951",
"T002207",
"T044107",
"T000126",
"T044528",
"T042746",
"T027843",
"T040689"
]
},
"release_date": "2025-01-20T23:00:00.000+00:00",
"title": "CVE-2024-13176"
}
]
}
wid-sec-w-2025-1568
Vulnerability from csaf_certbund
Published
2025-07-15 22:00
Modified
2025-07-15 22:00
Summary
Oracle JD Edwards: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die Komponenten der Oracle JDEdwards sind vollständig integrierte und komplette Lösungen geschäftlicher Anwendungen (ERP) für Unternehmen.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Oracle JD Edwards ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Komponenten der Oracle JDEdwards sind vollst\u00e4ndig integrierte und komplette L\u00f6sungen gesch\u00e4ftlicher Anwendungen (ERP) f\u00fcr Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Oracle JD Edwards ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1568 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1568.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1568 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1568"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2025 - Appendix Oracle JD Edwards vom 2025-07-15",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJDE"
}
],
"source_lang": "en-US",
"title": "Oracle JD Edwards: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-07-15T22:00:00.000+00:00",
"generator": {
"date": "2025-07-16T08:31:57.908+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1568",
"initial_release_date": "2025-07-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-07-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=9.2.9.3",
"product": {
"name": "Oracle JD Edwards \u003c=9.2.9.3",
"product_id": "T045390"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.2.9.3",
"product": {
"name": "Oracle JD Edwards \u003c=9.2.9.3",
"product_id": "T045390-fixed"
}
},
{
"category": "product_version",
"name": "A9.4",
"product": {
"name": "Oracle JD Edwards A9.4",
"product_id": "T045420",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:jd_edwards_enterpriseone:a9.4"
}
}
}
],
"category": "product_name",
"name": "JD Edwards"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"product_status": {
"known_affected": [
"T045420"
],
"last_affected": [
"T045390"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-13176"
},
{
"cve": "CVE-2025-30760",
"product_status": {
"known_affected": [
"T045420"
],
"last_affected": [
"T045390"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-30760"
}
]
}
wid-sec-w-2025-0828
Vulnerability from csaf_certbund
Published
2025-04-15 22:00
Modified
2025-05-19 22:00
Summary
Oracle Database Server: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die Oracle Datenbank ist ein weit verbreitetes relationales Datenbanksystem.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Database Server ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Oracle Datenbank ist ein weit verbreitetes relationales Datenbanksystem.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Database Server ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0828 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0828.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0828 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0828"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2025 - Appendix Oracle Database Server vom 2025-04-15",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixDB"
}
],
"source_lang": "en-US",
"title": "Oracle Database Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-19T22:00:00.000+00:00",
"generator": {
"date": "2025-05-20T07:42:32.916+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0828",
"initial_release_date": "2025-04-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-05-19T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2025-11018"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "19.3-19.26",
"product": {
"name": "Oracle Database Server 19.3-19.26",
"product_id": "T042869",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:database_server:19.3_-_19.26"
}
}
},
{
"category": "product_version",
"name": "21.3-21.17",
"product": {
"name": "Oracle Database Server 21.3-21.17",
"product_id": "T042870",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:database_server:21.3_-_21.17"
}
}
},
{
"category": "product_version",
"name": "23.4-23.7",
"product": {
"name": "Oracle Database Server 23.4-23.7",
"product_id": "T042871",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:database_server:23.4_-_23.7"
}
}
}
],
"category": "product_name",
"name": "Database Server"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36843",
"product_status": {
"known_affected": [
"T042871",
"T042869",
"T042870"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2020-36843"
},
{
"cve": "CVE-2024-13176",
"product_status": {
"known_affected": [
"T042871",
"T042869",
"T042870"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-13176"
},
{
"cve": "CVE-2025-30694",
"product_status": {
"known_affected": [
"T042871",
"T042869",
"T042870"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30694"
},
{
"cve": "CVE-2025-30701",
"product_status": {
"known_affected": [
"T042871",
"T042869",
"T042870"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30701"
},
{
"cve": "CVE-2025-30702",
"product_status": {
"known_affected": [
"T042871",
"T042869",
"T042870"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30702"
},
{
"cve": "CVE-2025-30733",
"product_status": {
"known_affected": [
"T042871",
"T042869",
"T042870"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30733"
},
{
"cve": "CVE-2025-30736",
"product_status": {
"known_affected": [
"T042871",
"T042869",
"T042870"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30736"
}
]
}
wid-sec-w-2025-0813
Vulnerability from csaf_certbund
Published
2025-04-15 22:00
Modified
2025-06-04 22:00
Summary
Oracle MySQL: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
MySQL ist ein Open Source Datenbankserver von Oracle.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "MySQL ist ein Open Source Datenbankserver von Oracle.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0813 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0813.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0813 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0813"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2025 - Appendix Oracle MySQL vom 2025-04-15",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7479-1 vom 2025-05-05",
"url": "https://ubuntu.com/security/notices/USN-7479-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7519-1 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7519-1"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7235067 vom 2025-05-29",
"url": "https://www.ibm.com/support/pages/node/7235067"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7548-1 vom 2025-06-03",
"url": "https://ubuntu.com/security/notices/USN-7548-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4208 vom 2025-06-04",
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00005.html"
}
],
"source_lang": "en-US",
"title": "Oracle MySQL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-06-04T22:00:00.000+00:00",
"generator": {
"date": "2025-06-05T06:17:02.653+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0813",
"initial_release_date": "2025-04-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-05-05T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-20T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-04T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "5104",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8.4.0",
"product": {
"name": "Oracle MySQL 8.4.0",
"product_id": "1640751",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:mysql:8.4.0"
}
}
},
{
"category": "product_version",
"name": "9.0.0",
"product": {
"name": "Oracle MySQL 9.0.0",
"product_id": "1672260",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:mysql:9.0.0"
}
}
},
{
"category": "product_version",
"name": "8.0.0-8.0.41",
"product": {
"name": "Oracle MySQL 8.0.0-8.0.41",
"product_id": "T042893",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:mysql:8.0.0_-_8.0.41"
}
}
},
{
"category": "product_version",
"name": "9.0.0-9.2.0",
"product": {
"name": "Oracle MySQL 9.0.0-9.2.0",
"product_id": "T042894",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:mysql:9.0.0_-_9.2.0"
}
}
},
{
"category": "product_version",
"name": "9.0.0-9.1.0",
"product": {
"name": "Oracle MySQL 9.0.0-9.1.0",
"product_id": "T042895",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:mysql:9.0.0_-_9.1.0"
}
}
},
{
"category": "product_version",
"name": "7.6.0-7.6.33",
"product": {
"name": "Oracle MySQL 7.6.0-7.6.33",
"product_id": "T042896",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:mysql:7.6.0_-_7.6.33"
}
}
},
{
"category": "product_version",
"name": "8.4.0-8.4.4",
"product": {
"name": "Oracle MySQL 8.4.0-8.4.4",
"product_id": "T042897",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:mysql:8.4.0_-_8.4.4"
}
}
}
],
"category": "product_name",
"name": "MySQL"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-13176"
},
{
"cve": "CVE-2024-40896",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-40896"
},
{
"cve": "CVE-2024-7254",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2025-21574",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-21574"
},
{
"cve": "CVE-2025-21575",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-21575"
},
{
"cve": "CVE-2025-21577",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-21577"
},
{
"cve": "CVE-2025-21579",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-21579"
},
{
"cve": "CVE-2025-21580",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-21580"
},
{
"cve": "CVE-2025-21581",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-21581"
},
{
"cve": "CVE-2025-21583",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-21583"
},
{
"cve": "CVE-2025-21584",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-21584"
},
{
"cve": "CVE-2025-21585",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-21585"
},
{
"cve": "CVE-2025-21588",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-21588"
},
{
"cve": "CVE-2025-30681",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30681"
},
{
"cve": "CVE-2025-30682",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30682"
},
{
"cve": "CVE-2025-30683",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30683"
},
{
"cve": "CVE-2025-30684",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30684"
},
{
"cve": "CVE-2025-30685",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30685"
},
{
"cve": "CVE-2025-30687",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30687"
},
{
"cve": "CVE-2025-30688",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30688"
},
{
"cve": "CVE-2025-30689",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30689"
},
{
"cve": "CVE-2025-30693",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30693"
},
{
"cve": "CVE-2025-30695",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30695"
},
{
"cve": "CVE-2025-30696",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30696"
},
{
"cve": "CVE-2025-30699",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30699"
},
{
"cve": "CVE-2025-30703",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30703"
},
{
"cve": "CVE-2025-30704",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30704"
},
{
"cve": "CVE-2025-30705",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30705"
},
{
"cve": "CVE-2025-30706",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30706"
},
{
"cve": "CVE-2025-30710",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30710"
},
{
"cve": "CVE-2025-30714",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30714"
},
{
"cve": "CVE-2025-30715",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30715"
},
{
"cve": "CVE-2025-30721",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30721"
},
{
"cve": "CVE-2025-30722",
"product_status": {
"known_affected": [
"T042893",
"T042894",
"T042895",
"T042896",
"2951",
"T042897",
"T000126",
"5104",
"1640751",
"1672260"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-30722"
}
]
}
fkie_cve-2024-13176
Vulnerability from fkie_nvd
Published
2025-01-20 14:15
Modified
2025-05-26 18:15
Severity ?
Summary
Issue summary: A timing side-channel which could potentially allow recovering
the private key exists in the ECDSA signature computation.
Impact summary: A timing side-channel in ECDSA signature computations
could allow recovering the private key by an attacker. However, measuring
the timing would require either local access to the signing application or
a very fast network connection with low latency.
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In particular
the NIST P-521 curve is affected. To be able to measure this leak, the attacker
process must either be located in the same physical computer or must
have a very fast network connection with low latency. For that reason
the severity of this vulnerability is Low.
The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| openssl-security@openssl.org | https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844 | ||
| openssl-security@openssl.org | https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467 | ||
| openssl-security@openssl.org | https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902 | ||
| openssl-security@openssl.org | https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65 | ||
| openssl-security@openssl.org | https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f | ||
| openssl-security@openssl.org | https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded | ||
| openssl-security@openssl.org | https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86 | ||
| openssl-security@openssl.org | https://openssl-library.org/news/secadv/20250120.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/01/20/2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20250124-0005/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20250418-0010/ |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue."
},
{
"lang": "es",
"value": "Resumen del problema: Existe un canal lateral de temporizaci\u00f3n que potencialmente podr\u00eda permitir recuperar la clave privada en el c\u00e1lculo de la firma ECDSA. Resumen del impacto: Un canal lateral de temporizaci\u00f3n en los c\u00e1lculos de firmas ECDSA podr\u00eda permitir que un atacante recupere la clave privada. Sin embargo, para medir el tiempo se necesitar\u00eda acceso local a la aplicaci\u00f3n de firma o una conexi\u00f3n de red muy r\u00e1pida con baja latencia. Hay una se\u00f1al de tiempo de alrededor de 300 nanosegundos cuando la palabra superior del valor nonce ECDSA invertido es cero. Esto puede suceder con una probabilidad significativa s\u00f3lo para algunas de las curvas el\u00edpticas admitidas. En particular, la curva NIST P-521 se ve afectada. Para poder medir esta fuga, el proceso atacante debe estar ubicado en la misma computadora f\u00edsica o debe tener una conexi\u00f3n de red muy r\u00e1pida con baja latencia. Por esa raz\u00f3n la severidad de esta vulnerabilidad es Baja."
}
],
"id": "CVE-2024-13176",
"lastModified": "2025-05-26T18:15:19.740",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-20T14:15:26.247",
"references": [
{
"source": "openssl-security@openssl.org",
"url": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844"
},
{
"source": "openssl-security@openssl.org",
"url": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467"
},
{
"source": "openssl-security@openssl.org",
"url": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902"
},
{
"source": "openssl-security@openssl.org",
"url": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65"
},
{
"source": "openssl-security@openssl.org",
"url": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f"
},
{
"source": "openssl-security@openssl.org",
"url": "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded"
},
{
"source": "openssl-security@openssl.org",
"url": "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86"
},
{
"source": "openssl-security@openssl.org",
"url": "https://openssl-library.org/news/secadv/20250120.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2025/01/20/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20250124-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20250418-0010/"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-385"
}
],
"source": "openssl-security@openssl.org",
"type": "Secondary"
}
]
}
ghsa-r9fv-h47r-823f
Vulnerability from github
Published
2025-01-20 15:31
Modified
2025-05-26 18:30
Severity ?
VLAI Severity ?
Details
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation.
Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency.
There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low.
{
"affected": [],
"aliases": [
"CVE-2024-13176"
],
"database_specific": {
"cwe_ids": [
"CWE-385"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-20T14:15:26Z",
"severity": "MODERATE"
},
"details": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.",
"id": "GHSA-r9fv-h47r-823f",
"modified": "2025-05-26T18:30:24Z",
"published": "2025-01-20T15:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f"
},
{
"type": "WEB",
"url": "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded"
},
{
"type": "WEB",
"url": "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html"
},
{
"type": "WEB",
"url": "https://openssl-library.org/news/secadv/20250120.txt"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250124-0005"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250418-0010"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/01/20/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
opensuse-su-2025:14696-1
Vulnerability from csaf_opensuse
Published
2025-01-25 00:00
Modified
2025-01-25 00:00
Summary
libopenssl-3-devel-3.2.3-4.1 on GA media
Notes
Title of the patch
libopenssl-3-devel-3.2.3-4.1 on GA media
Description of the patch
These are all security issues fixed in the libopenssl-3-devel-3.2.3-4.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-14696
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libopenssl-3-devel-3.2.3-4.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libopenssl-3-devel-3.2.3-4.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14696",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14696-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14696-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2SJWUM3ZDQ76XIG2YCDVO2XQE6VZ5SCY/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14696-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2SJWUM3ZDQ76XIG2YCDVO2XQE6VZ5SCY/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13176/"
}
],
"title": "libopenssl-3-devel-3.2.3-4.1 on GA media",
"tracking": {
"current_release_date": "2025-01-25T00:00:00Z",
"generator": {
"date": "2025-01-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14696-1",
"initial_release_date": "2025-01-25T00:00:00Z",
"revision_history": [
{
"date": "2025-01-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.2.3-4.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.2.3-4.1.aarch64",
"product_id": "libopenssl-3-devel-3.2.3-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.2.3-4.1.aarch64",
"product": {
"name": "libopenssl-3-devel-32bit-3.2.3-4.1.aarch64",
"product_id": "libopenssl-3-devel-32bit-3.2.3-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.2.3-4.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-3.2.3-4.1.aarch64",
"product_id": "libopenssl-3-fips-provider-3.2.3-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.aarch64",
"product_id": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.aarch64",
"product_id": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.2.3-4.1.aarch64",
"product": {
"name": "libopenssl3-3.2.3-4.1.aarch64",
"product_id": "libopenssl3-3.2.3-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.2.3-4.1.aarch64",
"product": {
"name": "libopenssl3-32bit-3.2.3-4.1.aarch64",
"product_id": "libopenssl3-32bit-3.2.3-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-x86-64-v3-3.2.3-4.1.aarch64",
"product": {
"name": "libopenssl3-x86-64-v3-3.2.3-4.1.aarch64",
"product_id": "libopenssl3-x86-64-v3-3.2.3-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.2.3-4.1.aarch64",
"product": {
"name": "openssl-3-3.2.3-4.1.aarch64",
"product_id": "openssl-3-3.2.3-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-doc-3.2.3-4.1.aarch64",
"product": {
"name": "openssl-3-doc-3.2.3-4.1.aarch64",
"product_id": "openssl-3-doc-3.2.3-4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.2.3-4.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-3.2.3-4.1.ppc64le",
"product_id": "libopenssl-3-devel-3.2.3-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.2.3-4.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-32bit-3.2.3-4.1.ppc64le",
"product_id": "libopenssl-3-devel-32bit-3.2.3-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.2.3-4.1.ppc64le",
"product": {
"name": "libopenssl-3-fips-provider-3.2.3-4.1.ppc64le",
"product_id": "libopenssl-3-fips-provider-3.2.3-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.ppc64le",
"product": {
"name": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.ppc64le",
"product_id": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.ppc64le",
"product": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.ppc64le",
"product_id": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.2.3-4.1.ppc64le",
"product": {
"name": "libopenssl3-3.2.3-4.1.ppc64le",
"product_id": "libopenssl3-3.2.3-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.2.3-4.1.ppc64le",
"product": {
"name": "libopenssl3-32bit-3.2.3-4.1.ppc64le",
"product_id": "libopenssl3-32bit-3.2.3-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-x86-64-v3-3.2.3-4.1.ppc64le",
"product": {
"name": "libopenssl3-x86-64-v3-3.2.3-4.1.ppc64le",
"product_id": "libopenssl3-x86-64-v3-3.2.3-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-3.2.3-4.1.ppc64le",
"product": {
"name": "openssl-3-3.2.3-4.1.ppc64le",
"product_id": "openssl-3-3.2.3-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-doc-3.2.3-4.1.ppc64le",
"product": {
"name": "openssl-3-doc-3.2.3-4.1.ppc64le",
"product_id": "openssl-3-doc-3.2.3-4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.2.3-4.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.2.3-4.1.s390x",
"product_id": "libopenssl-3-devel-3.2.3-4.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.2.3-4.1.s390x",
"product": {
"name": "libopenssl-3-devel-32bit-3.2.3-4.1.s390x",
"product_id": "libopenssl-3-devel-32bit-3.2.3-4.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.2.3-4.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-3.2.3-4.1.s390x",
"product_id": "libopenssl-3-fips-provider-3.2.3-4.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.s390x",
"product_id": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.s390x",
"product_id": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.2.3-4.1.s390x",
"product": {
"name": "libopenssl3-3.2.3-4.1.s390x",
"product_id": "libopenssl3-3.2.3-4.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.2.3-4.1.s390x",
"product": {
"name": "libopenssl3-32bit-3.2.3-4.1.s390x",
"product_id": "libopenssl3-32bit-3.2.3-4.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-x86-64-v3-3.2.3-4.1.s390x",
"product": {
"name": "libopenssl3-x86-64-v3-3.2.3-4.1.s390x",
"product_id": "libopenssl3-x86-64-v3-3.2.3-4.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.2.3-4.1.s390x",
"product": {
"name": "openssl-3-3.2.3-4.1.s390x",
"product_id": "openssl-3-3.2.3-4.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-doc-3.2.3-4.1.s390x",
"product": {
"name": "openssl-3-doc-3.2.3-4.1.s390x",
"product_id": "openssl-3-doc-3.2.3-4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.2.3-4.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.2.3-4.1.x86_64",
"product_id": "libopenssl-3-devel-3.2.3-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.2.3-4.1.x86_64",
"product": {
"name": "libopenssl-3-devel-32bit-3.2.3-4.1.x86_64",
"product_id": "libopenssl-3-devel-32bit-3.2.3-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.2.3-4.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-3.2.3-4.1.x86_64",
"product_id": "libopenssl-3-fips-provider-3.2.3-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.x86_64",
"product_id": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.x86_64",
"product_id": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.2.3-4.1.x86_64",
"product": {
"name": "libopenssl3-3.2.3-4.1.x86_64",
"product_id": "libopenssl3-3.2.3-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.2.3-4.1.x86_64",
"product": {
"name": "libopenssl3-32bit-3.2.3-4.1.x86_64",
"product_id": "libopenssl3-32bit-3.2.3-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-x86-64-v3-3.2.3-4.1.x86_64",
"product": {
"name": "libopenssl3-x86-64-v3-3.2.3-4.1.x86_64",
"product_id": "libopenssl3-x86-64-v3-3.2.3-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.2.3-4.1.x86_64",
"product": {
"name": "openssl-3-3.2.3-4.1.x86_64",
"product_id": "openssl-3-3.2.3-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-doc-3.2.3-4.1.x86_64",
"product": {
"name": "openssl-3-doc-3.2.3-4.1.x86_64",
"product_id": "openssl-3-doc-3.2.3-4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.2.3-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.2.3-4.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.2.3-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.2.3-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.2.3-4.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.2.3-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.2.3-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.2.3-4.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.2.3-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.2.3-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.2.3-4.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.2.3-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.2.3-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.2.3-4.1.aarch64"
},
"product_reference": "libopenssl-3-devel-32bit-3.2.3-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.2.3-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.2.3-4.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-32bit-3.2.3-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.2.3-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.2.3-4.1.s390x"
},
"product_reference": "libopenssl-3-devel-32bit-3.2.3-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.2.3-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.2.3-4.1.x86_64"
},
"product_reference": "libopenssl-3-devel-32bit-3.2.3-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.2.3-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.2.3-4.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-3.2.3-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.2.3-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.2.3-4.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-3.2.3-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.2.3-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.2.3-4.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-3.2.3-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.2.3-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.2.3-4.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.2.3-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.2.3-4.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.2.3-4.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.2.3-4.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.2.3-4.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-32bit-3.2.3-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.2.3-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-3.2.3-4.1.aarch64"
},
"product_reference": "libopenssl3-3.2.3-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.2.3-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-3.2.3-4.1.ppc64le"
},
"product_reference": "libopenssl3-3.2.3-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.2.3-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-3.2.3-4.1.s390x"
},
"product_reference": "libopenssl3-3.2.3-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.2.3-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-3.2.3-4.1.x86_64"
},
"product_reference": "libopenssl3-3.2.3-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.2.3-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.2.3-4.1.aarch64"
},
"product_reference": "libopenssl3-32bit-3.2.3-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.2.3-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.2.3-4.1.ppc64le"
},
"product_reference": "libopenssl3-32bit-3.2.3-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.2.3-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.2.3-4.1.s390x"
},
"product_reference": "libopenssl3-32bit-3.2.3-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.2.3-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.2.3-4.1.x86_64"
},
"product_reference": "libopenssl3-32bit-3.2.3-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-x86-64-v3-3.2.3-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.2.3-4.1.aarch64"
},
"product_reference": "libopenssl3-x86-64-v3-3.2.3-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-x86-64-v3-3.2.3-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.2.3-4.1.ppc64le"
},
"product_reference": "libopenssl3-x86-64-v3-3.2.3-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-x86-64-v3-3.2.3-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.2.3-4.1.s390x"
},
"product_reference": "libopenssl3-x86-64-v3-3.2.3-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-x86-64-v3-3.2.3-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.2.3-4.1.x86_64"
},
"product_reference": "libopenssl3-x86-64-v3-3.2.3-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.2.3-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-3.2.3-4.1.aarch64"
},
"product_reference": "openssl-3-3.2.3-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.2.3-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-3.2.3-4.1.ppc64le"
},
"product_reference": "openssl-3-3.2.3-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.2.3-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-3.2.3-4.1.s390x"
},
"product_reference": "openssl-3-3.2.3-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.2.3-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-3.2.3-4.1.x86_64"
},
"product_reference": "openssl-3-3.2.3-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.2.3-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-doc-3.2.3-4.1.aarch64"
},
"product_reference": "openssl-3-doc-3.2.3-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.2.3-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-doc-3.2.3-4.1.ppc64le"
},
"product_reference": "openssl-3-doc-3.2.3-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.2.3-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-doc-3.2.3-4.1.s390x"
},
"product_reference": "openssl-3-doc-3.2.3-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.2.3-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-doc-3.2.3-4.1.x86_64"
},
"product_reference": "openssl-3-doc-3.2.3-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13176"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.2.3-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13176",
"url": "https://www.suse.com/security/cve/CVE-2024-13176"
},
{
"category": "external",
"summary": "SUSE Bug 1236136 for CVE-2024-13176",
"url": "https://bugzilla.suse.com/1236136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.2.3-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.2.3-4.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.2.3-4.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.2.3-4.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.2.3-4.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.2.3-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-13176"
}
]
}
ncsc-2025-0123
Vulnerability from csaf_ncscnl
Published
2025-04-16 08:37
Modified
2025-04-16 08:37
Summary
Kwetsbaarheden verholpen in Oracle Database Producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in diverse Oracle Database Producten en subsystemen, zoals Oracle Server, NoSQL, TimesTen, Secure Backup en Essbase.
Interpretaties
De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om een Denial-of-Service te veroorzaken of om ongeautoriseerde toegang te verkrijgen tot gevoelige gegevens en gegevens te manipuleren. Subcomponenten als de RDBMS Listener, Java VM, en andere componenten zijn specifiek kwetsbaar, met CVSS-scores variërend van 5.3 tot 7.5, wat duidt op een gematigd tot hoog risico.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-385
Covert Timing Channel
CWE-347
Improper Verification of Cryptographic Signature
CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE-125
Out-of-bounds Read
CWE-404
Improper Resource Shutdown or Release
CWE-400
Uncontrolled Resource Consumption
CWE-502
Deserialization of Untrusted Data
CWE-918
Server-Side Request Forgery (SSRF)
CWE-787
Out-of-bounds Write
CWE-20
Improper Input Validation
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-44
Path Equivalence: 'file.name' (Internal Dot)
CWE-226
Sensitive Information in Resource Not Removed Before Reuse
CWE-706
Use of Incorrectly-Resolved Name or Reference
CWE-669
Incorrect Resource Transfer Between Spheres
CWE-755
Improper Handling of Exceptional Conditions
CWE-178
Improper Handling of Case Sensitivity
CWE-193
Off-by-one Error
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-523
Unprotected Transport of Credentials
CWE-190
Integer Overflow or Wraparound
CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-285
Improper Authorization
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-284
Improper Access Control
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-476
NULL Pointer Dereference
CWE-459
Incomplete Cleanup
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-674
Uncontrolled Recursion
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-269
Improper Privilege Management
CWE-287
Improper Authentication
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in diverse Oracle Database Producten en subsystemen, zoals Oracle Server, NoSQL, TimesTen, Secure Backup en Essbase.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om een Denial-of-Service te veroorzaken of om ongeautoriseerde toegang te verkrijgen tot gevoelige gegevens en gegevens te manipuleren. Subcomponenten als de RDBMS Listener, Java VM, en andere componenten zijn specifiek kwetsbaar, met CVSS-scores vari\u00ebrend van 5.3 tot 7.5, wat duidt op een gematigd tot hoog risico.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "general",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "general",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Path Equivalence: \u0027file.name\u0027 (Internal Dot)",
"title": "CWE-44"
},
{
"category": "general",
"text": "Sensitive Information in Resource Not Removed Before Reuse",
"title": "CWE-226"
},
{
"category": "general",
"text": "Use of Incorrectly-Resolved Name or Reference",
"title": "CWE-706"
},
{
"category": "general",
"text": "Incorrect Resource Transfer Between Spheres",
"title": "CWE-669"
},
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "general",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "Off-by-one Error",
"title": "CWE-193"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "Unprotected Transport of Credentials",
"title": "CWE-523"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"title": "CWE-614"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Incomplete Cleanup",
"title": "CWE-459"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Database Producten",
"tracking": {
"current_release_date": "2025-04-16T08:37:39.412900Z",
"generator": {
"date": "2025-02-25T15:15:00Z",
"engine": {
"name": "V.A.",
"version": "1.0"
}
},
"id": "NCSC-2025-0123",
"initial_release_date": "2025-04-16T08:37:39.412900Z",
"revision_history": [
{
"date": "2025-04-16T08:37:39.412900Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/22.1",
"product": {
"name": "vers:unknown/22.1",
"product_id": "CSAFPID-1304603"
}
}
],
"category": "product_name",
"name": "Database Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/13.5.0.0",
"product": {
"name": "vers:unknown/13.5.0.0",
"product_id": "CSAFPID-1201359"
}
}
],
"category": "product_name",
"name": "Enterprise Manager for Oracle Database"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003e=19.1.0.0.0|\u003c=19.26.0.0.250219",
"product": {
"name": "vers:unknown/\u003e=19.1.0.0.0|\u003c=19.26.0.0.250219",
"product_id": "CSAFPID-2698376"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/\u003e=21.3|\u003c=21.17",
"product": {
"name": "vers:unknown/\u003e=21.3|\u003c=21.17",
"product_id": "CSAFPID-2698377"
}
}
],
"category": "product_name",
"name": "GoldenGate"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/23.1",
"product": {
"name": "vers:oracle/23.1",
"product_id": "CSAFPID-1238473"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2.0",
"product": {
"name": "vers:unknown/2.0",
"product_id": "CSAFPID-1237753"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/20.2",
"product": {
"name": "vers:unknown/20.2",
"product_id": "CSAFPID-1238475"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/23.1",
"product": {
"name": "vers:unknown/23.1",
"product_id": "CSAFPID-1296375"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/none",
"product": {
"name": "vers:unknown/none",
"product_id": "CSAFPID-1237603"
}
}
],
"category": "product_name",
"name": "Big Data Spatial and Graph"
}
],
"category": "product_family",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.3|\u003c=19.22",
"product": {
"name": "vers:oracle/\u003e=19.3|\u003c=19.22",
"product_id": "CSAFPID-1145825"
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=21.3|\u003c=21.13",
"product": {
"name": "vers:oracle/\u003e=21.3|\u003c=21.13",
"product_id": "CSAFPID-1145826"
}
}
],
"category": "product_name",
"name": "Oracle Database Server"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.3|\u003c=19.26",
"product": {
"name": "vers:oracle/\u003e=19.3|\u003c=19.26",
"product_id": "CSAFPID-2698969",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=21.3|\u003c=21.17",
"product": {
"name": "vers:oracle/\u003e=21.3|\u003c=21.17",
"product_id": "CSAFPID-2698968",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=21.4|\u003c=21.16",
"product": {
"name": "vers:oracle/\u003e=21.4|\u003c=21.16",
"product_id": "CSAFPID-1839905",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=23.4|\u003c=23.7",
"product": {
"name": "vers:oracle/\u003e=23.4|\u003c=23.7",
"product_id": "CSAFPID-2698934",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Database Server"
}
],
"category": "product_family",
"name": "Oracle Database Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/13.5.0.0",
"product": {
"name": "vers:oracle/13.5.0.0",
"product_id": "CSAFPID-1144644"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Manager for Oracle Database"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/1.5.0",
"product": {
"name": "vers:oracle/1.5.0",
"product_id": "CSAFPID-2699002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:1.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/1.6.0",
"product": {
"name": "vers:oracle/1.6.0",
"product_id": "CSAFPID-2699003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:1.6.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/1.6.1",
"product": {
"name": "vers:oracle/1.6.1",
"product_id": "CSAFPID-2699004",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:1.6.1:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle NoSQL Database"
}
],
"category": "product_family",
"name": "Oracle NoSQL Database"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=22.1.1.1.0|\u003c=22.1.1.30.0",
"product": {
"name": "vers:oracle/\u003e=22.1.1.1.0|\u003c=22.1.1.30.0",
"product_id": "CSAFPID-2699053",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle TimesTen In-Memory Database"
}
],
"category": "product_family",
"name": "Oracle TimesTen In-Memory Database"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/25.1.0",
"product": {
"name": "vers:oracle/25.1.0",
"product_id": "CSAFPID-2698932",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/25.2.0",
"product": {
"name": "vers:oracle/25.2.0",
"product_id": "CSAFPID-2698931",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=23.8.0|\u003c=23.11.0",
"product": {
"name": "vers:oracle/\u003e=23.8.0|\u003c=23.11.0",
"product_id": "CSAFPID-2698930",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=24.1.0|\u003c=24.11.0",
"product": {
"name": "vers:oracle/\u003e=24.1.0|\u003c=24.11.0",
"product_id": "CSAFPID-2698933",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Autonomous Health Framework"
}
],
"category": "product_family",
"name": "Oracle Autonomous Health Framework"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/21.7.1.0.0",
"product": {
"name": "vers:oracle/21.7.1.0.0",
"product_id": "CSAFPID-2698943",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:essbase:21.7.1.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Essbase"
}
],
"category": "product_family",
"name": "Oracle Essbase"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.10",
"product": {
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.10",
"product_id": "CSAFPID-2698949",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "GoldenGate Stream Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.26.0.0.250219",
"product": {
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.26.0.0.250219",
"product_id": "CSAFPID-2698941",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=21.3|\u003c=21.17",
"product": {
"name": "vers:oracle/\u003e=21.3|\u003c=21.17",
"product_id": "CSAFPID-2698942",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.17:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=23.4|\u003c=23.7",
"product": {
"name": "vers:oracle/\u003e=23.4|\u003c=23.7",
"product_id": "CSAFPID-2699022",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:23.4-23.7:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle GoldenGate"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.18",
"product": {
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.18",
"product_id": "CSAFPID-1839977",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=21.3.0.0.0|\u003c=21.16.0.0.0",
"product": {
"name": "vers:oracle/\u003e=21.3.0.0.0|\u003c=21.16.0.0.0",
"product_id": "CSAFPID-1840034",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=23.4|\u003c=23.6",
"product": {
"name": "vers:oracle/\u003e=23.4|\u003c=23.6",
"product_id": "CSAFPID-1840035",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle GoldenGate Big Data and Application Adapters"
}
],
"category": "product_family",
"name": "Oracle GoldenGate"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.7",
"product": {
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.7",
"product_id": "CSAFPID-1144602"
}
}
],
"category": "product_name",
"name": "Oracle GoldenGate Stream Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003c23.1",
"product": {
"name": "vers:oracle/\u003c23.1",
"product_id": "CSAFPID-1145800"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2.0",
"product": {
"name": "vers:unknown/2.0",
"product_id": "CSAFPID-356315",
"product_identification_helper": {
"cpe": "cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/23.1",
"product": {
"name": "vers:unknown/23.1",
"product_id": "CSAFPID-356152"
}
}
],
"category": "product_name",
"name": "Big Data Spatial and Graph"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/23.4.3",
"product": {
"name": "vers:oracle/23.4.3",
"product_id": "CSAFPID-2699065",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:23.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/24.3.0",
"product": {
"name": "vers:oracle/24.3.0",
"product_id": "CSAFPID-2699066",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:24.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/23.4.4",
"product": {
"name": "vers:oracle/23.4.4",
"product_id": "CSAFPID-1840017",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:23.4.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/24.4.0",
"product": {
"name": "vers:oracle/24.4.0",
"product_id": "CSAFPID-1840013",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:24.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Graph Server and Client"
}
],
"category": "product_family",
"name": "Oracle Graph Server and Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003c=22.4.7",
"product": {
"name": "vers:oracle/\u003c=22.4.7",
"product_id": "CSAFPID-1145419",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003c=23.4.2",
"product": {
"name": "vers:oracle/\u003c=23.4.2",
"product_id": "CSAFPID-1145421",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003c=24.1.0",
"product": {
"name": "vers:oracle/\u003c=24.1.0",
"product_id": "CSAFPID-1145422",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Graph Server and Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/3.0.6",
"product": {
"name": "vers:oracle/3.0.6",
"product_id": "CSAFPID-1145420",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Big Data Spatial and Graph"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.1.0.1",
"product": {
"name": "vers:oracle/12.1.0.1",
"product_id": "CSAFPID-2699109",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:12.1.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/12.1.0.2",
"product": {
"name": "vers:oracle/12.1.0.2",
"product_id": "CSAFPID-2699107",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:12.1.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/12.1.0.3",
"product": {
"name": "vers:oracle/12.1.0.3",
"product_id": "CSAFPID-2699106",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:12.1.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/18.1.0.0",
"product": {
"name": "vers:oracle/18.1.0.0",
"product_id": "CSAFPID-2699110",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/18.1.0.1",
"product": {
"name": "vers:oracle/18.1.0.1",
"product_id": "CSAFPID-2698972",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/18.1.0.2",
"product": {
"name": "vers:oracle/18.1.0.2",
"product_id": "CSAFPID-2699108",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.2:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Secure Backup"
}
],
"category": "product_family",
"name": "Oracle Secure Backup"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/19.3|\u003c=19.26",
"product": {
"name": "vers:semver/19.3|\u003c=19.26",
"product_id": "CSAFPID-2698485"
}
},
{
"category": "product_version_range",
"name": "vers:semver/21.3|\u003c=21.17",
"product": {
"name": "vers:semver/21.3|\u003c=21.17",
"product_id": "CSAFPID-2698486"
}
},
{
"category": "product_version_range",
"name": "vers:semver/23.4|\u003c=23.7",
"product": {
"name": "vers:semver/23.4|\u003c=23.7",
"product_id": "CSAFPID-2698487"
}
}
],
"category": "product_name",
"name": "Oracle Database Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/12.1.0.1",
"product": {
"name": "vers:semver/12.1.0.1",
"product_id": "CSAFPID-2698463"
}
},
{
"category": "product_version_range",
"name": "vers:semver/12.1.0.2",
"product": {
"name": "vers:semver/12.1.0.2",
"product_id": "CSAFPID-2698464"
}
},
{
"category": "product_version_range",
"name": "vers:semver/12.1.0.3",
"product": {
"name": "vers:semver/12.1.0.3",
"product_id": "CSAFPID-2698465"
}
},
{
"category": "product_version_range",
"name": "vers:semver/18.1.0.0",
"product": {
"name": "vers:semver/18.1.0.0",
"product_id": "CSAFPID-2698466"
}
},
{
"category": "product_version_range",
"name": "vers:semver/18.1.0.1",
"product": {
"name": "vers:semver/18.1.0.1",
"product_id": "CSAFPID-2698467"
}
},
{
"category": "product_version_range",
"name": "vers:semver/18.1.0.2",
"product": {
"name": "vers:semver/18.1.0.2",
"product_id": "CSAFPID-2698468"
}
}
],
"category": "product_name",
"name": "Oracle Secure Backup"
}
],
"category": "vendor",
"name": "Oracle Corporation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1935",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-1935",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1935.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2020-1935"
},
{
"cve": "CVE-2020-1938",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-1938",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1938.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2020-1938"
},
{
"cve": "CVE-2020-9484",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-9484",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-9484.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2020-9484"
},
{
"cve": "CVE-2020-11996",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-11996",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-11996.json"
}
],
"title": "CVE-2020-11996"
},
{
"cve": "CVE-2020-13935",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13935",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13935.json"
}
],
"title": "CVE-2020-13935"
},
{
"cve": "CVE-2020-13943",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13943",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13943.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2020-13943"
},
{
"cve": "CVE-2020-36843",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "other",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-36843",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36843.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2020-36843"
},
{
"cve": "CVE-2021-24122",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-24122",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-24122.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-24122"
},
{
"cve": "CVE-2021-25122",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-25122",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-25122.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-25122"
},
{
"cve": "CVE-2021-25329",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-25329",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-25329.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-25329"
},
{
"cve": "CVE-2021-30640",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-30640",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-30640.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-30640"
},
{
"cve": "CVE-2021-33037",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-33037",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-33037.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-33037"
},
{
"cve": "CVE-2021-41079",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-41079",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41079.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-41079"
},
{
"cve": "CVE-2021-41184",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-41184",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41184.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-42575",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-42575",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-42575.json"
}
],
"title": "CVE-2021-42575"
},
{
"cve": "CVE-2021-43980",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-43980",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-43980.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-43980"
},
{
"cve": "CVE-2022-3786",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"notes": [
{
"category": "other",
"text": "Off-by-one Error",
"title": "CWE-193"
},
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-3786",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3786.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2022-3786"
},
{
"cve": "CVE-2022-25762",
"cwe": {
"id": "CWE-226",
"name": "Sensitive Information in Resource Not Removed Before Reuse"
},
"notes": [
{
"category": "other",
"text": "Sensitive Information in Resource Not Removed Before Reuse",
"title": "CWE-226"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-25762",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-25762.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2022-25762"
},
{
"cve": "CVE-2022-42252",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-42252",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42252.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2022-42252"
},
{
"cve": "CVE-2023-28708",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Unprotected Transport of Credentials",
"title": "CWE-523"
},
{
"category": "other",
"text": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"title": "CWE-614"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-28708",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28708.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-28708"
},
{
"cve": "CVE-2023-34053",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-34053",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34053.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-34053"
},
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-41080",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-41080.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-41080"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-42795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-44487",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-45648",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45648.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46589",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2024-6763",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6763",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6763.json"
}
],
"title": "CVE-2024-6763"
},
{
"cve": "CVE-2024-8176",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8176",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8176.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-8176"
},
{
"cve": "CVE-2024-8184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8184",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8184.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-8184"
},
{
"cve": "CVE-2024-9143",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-9143",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json"
}
],
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2024-11053",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11053",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11053.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-11053"
},
{
"cve": "CVE-2024-11233",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11233",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11233.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-11233"
},
{
"cve": "CVE-2024-11234",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11234",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11234.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-11234"
},
{
"cve": "CVE-2024-11236",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11236",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11236.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-11236"
},
{
"cve": "CVE-2024-13176",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "other",
"text": "Covert Timing Channel",
"title": "CWE-385"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-13176",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-13176.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-13176"
},
{
"cve": "CVE-2024-23672",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23672",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-24549",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24549",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-36114",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36114",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36114.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-36114"
},
{
"cve": "CVE-2024-37891",
"cwe": {
"id": "CWE-669",
"name": "Incorrect Resource Transfer Between Spheres"
},
"notes": [
{
"category": "other",
"text": "Incorrect Resource Transfer Between Spheres",
"title": "CWE-669"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37891",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-38819",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38819",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-38820",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38820",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-38820"
},
{
"cve": "CVE-2024-38999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38999",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-38999"
},
{
"cve": "CVE-2024-39338",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39338",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39338.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-39338"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-47561"
},
{
"cve": "CVE-2024-53382",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-53382",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-53382.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-53382"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-21578",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21578",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21578.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-21578"
},
{
"cve": "CVE-2025-24813",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "other",
"text": "Path Equivalence: \u0027file.name\u0027 (Internal Dot)",
"title": "CWE-44"
},
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Use of Incorrectly-Resolved Name or Reference",
"title": "CWE-706"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24813",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24813.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-24813"
},
{
"cve": "CVE-2025-24970",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24970",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24970.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-24970"
},
{
"cve": "CVE-2025-25193",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25193",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-25193.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-25193"
},
{
"cve": "CVE-2025-26791",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26791",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26791.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-26791"
},
{
"cve": "CVE-2025-30694",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30694",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30694.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-30694"
},
{
"cve": "CVE-2025-30701",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30701",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30701.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-30701"
},
{
"cve": "CVE-2025-30702",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30702",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30702.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-30702"
},
{
"cve": "CVE-2025-30733",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30733",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30733.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-30733"
},
{
"cve": "CVE-2025-30736",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30736",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30736.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-30736"
}
]
}
ncsc-2025-0132
Vulnerability from csaf_ncscnl
Published
2025-04-16 15:11
Modified
2025-04-16 15:11
Summary
Kwetsbaarheden verholpen in Oracle MySQL
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft meerdere kwetsbaarheden verholpen in MySQL
Interpretaties
De kwetsbaarheden in Oracle MySQL stellen kwaadwillenden in staat om een denial-of-service-aanval uit te voeren, toegang te krijgen tot gevoelige gegevens of, met voldoende authorisaties de werking van de MySQL server te beinvloeden.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-385
Covert Timing Channel
CWE-674
Uncontrolled Recursion
CWE-611
Improper Restriction of XML External Entity Reference
CWE-20
Improper Input Validation
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft meerdere kwetsbaarheden verholpen in MySQL",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in Oracle MySQL stellen kwaadwillenden in staat om een denial-of-service-aanval uit te voeren, toegang te krijgen tot gevoelige gegevens of, met voldoende authorisaties de werking van de MySQL server te beinvloeden.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle MySQL",
"tracking": {
"current_release_date": "2025-04-16T15:11:43.357092Z",
"generator": {
"date": "2025-02-25T15:15:00Z",
"engine": {
"name": "V.A.",
"version": "1.0"
}
},
"id": "NCSC-2025-0132",
"initial_release_date": "2025-04-16T15:11:43.357092Z",
"revision_history": [
{
"date": "2025-04-16T15:11:43.357092Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=8.0.0|\u003c=8.0.41",
"product": {
"name": "vers:oracle/\u003e=8.0.0|\u003c=8.0.41",
"product_id": "CSAFPID-2698980",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_workbench:8.0.0-8.0.41:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "MySQL Workbench"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=9.0.0|\u003c=9.1.0",
"product": {
"name": "vers:oracle/\u003e=9.0.0|\u003c=9.1.0",
"product_id": "CSAFPID-2699095",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_connector\\/j:9.0.0-9.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=9.0.0|\u003c=9.2.0",
"product": {
"name": "vers:oracle/\u003e=9.0.0|\u003c=9.2.0",
"product_id": "CSAFPID-2698978",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_connector\\/python:9.0.0-9.2.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "MySQL Connectors"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=7.6.0|\u003c=7.6.33",
"product": {
"name": "vers:oracle/\u003e=7.6.0|\u003c=7.6.33",
"product_id": "CSAFPID-2699104",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_cluster:7.6.0-7.6.33:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=8.0.0|\u003c=8.0.41",
"product": {
"name": "vers:oracle/\u003e=8.0.0|\u003c=8.0.41",
"product_id": "CSAFPID-2699103",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_cluster:8.0.0-8.0.41:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=8.4.0|\u003c=8.4.4",
"product": {
"name": "vers:oracle/\u003e=8.4.0|\u003c=8.4.4",
"product_id": "CSAFPID-2699102",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_cluster:8.4.0-8.4.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=9.0.0|\u003c=9.2.0",
"product": {
"name": "vers:oracle/\u003e=9.0.0|\u003c=9.2.0",
"product_id": "CSAFPID-2699105",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_cluster:9.0.0-9.2.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "MySQL Cluster"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=8.0.0|\u003c=8.0.41",
"product": {
"name": "vers:oracle/\u003e=8.0.0|\u003c=8.0.41",
"product_id": "CSAFPID-2698983",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.41:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=8.4.0|\u003c=8.4.4",
"product": {
"name": "vers:oracle/\u003e=8.4.0|\u003c=8.4.4",
"product_id": "CSAFPID-2698981",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=9.0.0|\u003c=9.2.0",
"product": {
"name": "vers:oracle/\u003e=9.0.0|\u003c=9.2.0",
"product_id": "CSAFPID-2698977",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/ddl) version 8.4.0",
"product": {
"name": "vers:oracle/ddl) version 8.4.0",
"product_id": "CSAFPID-2699112",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/ddl) version 9.0.0",
"product": {
"name": "vers:oracle/ddl) version 9.0.0",
"product_id": "CSAFPID-2699113",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "MySQL Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=8.0.0|\u003c=8.0.41",
"product": {
"name": "vers:oracle/\u003e=8.0.0|\u003c=8.0.41",
"product_id": "CSAFPID-2699174",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_client:8.0.0-8.0.41:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=8.4.0|\u003c=8.4.4",
"product": {
"name": "vers:oracle/\u003e=8.4.0|\u003c=8.4.4",
"product_id": "CSAFPID-2699172",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_client:8.4.0-8.4.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=9.0.0|\u003c=9.2.0",
"product": {
"name": "vers:oracle/\u003e=9.0.0|\u003c=9.2.0",
"product_id": "CSAFPID-2699173",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_client:9.0.0-9.2.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "MySQL Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=8.0.0|\u003c=8.0.41",
"product": {
"name": "vers:oracle/\u003e=8.0.0|\u003c=8.0.41",
"product_id": "CSAFPID-2698982",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_enterprise_backup:8.0.0-8.0.41:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=8.4.0|\u003c=8.4.4",
"product": {
"name": "vers:oracle/\u003e=8.4.0|\u003c=8.4.4",
"product_id": "CSAFPID-2698976",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_enterprise_backup:8.4.0-8.4.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=9.0.0|\u003c=9.2.0",
"product": {
"name": "vers:oracle/\u003e=9.0.0|\u003c=9.2.0",
"product_id": "CSAFPID-2698979",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:mysql_enterprise_backup:9.0.0-9.2.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "MySQL Enterprise Backup"
}
],
"category": "product_family",
"name": "Oracle MySQL"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/9.0.0|\u003c=9.2.0",
"product": {
"name": "vers:semver/9.0.0|\u003c=9.2.0",
"product_id": "CSAFPID-2698495"
}
}
],
"category": "product_name",
"name": "MySQL Connectors"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/7.6.0|\u003c=7.6.33",
"product": {
"name": "vers:semver/7.6.0|\u003c=7.6.33",
"product_id": "CSAFPID-2698453"
}
},
{
"category": "product_version_range",
"name": "vers:semver/8.0.0|\u003c=8.0.41",
"product": {
"name": "vers:semver/8.0.0|\u003c=8.0.41",
"product_id": "CSAFPID-2698454"
}
},
{
"category": "product_version_range",
"name": "vers:semver/8.4.0|\u003c=8.4.4",
"product": {
"name": "vers:semver/8.4.0|\u003c=8.4.4",
"product_id": "CSAFPID-2698455"
}
},
{
"category": "product_version_range",
"name": "vers:semver/9.0.0|\u003c=9.2.0",
"product": {
"name": "vers:semver/9.0.0|\u003c=9.2.0",
"product_id": "CSAFPID-2698456"
}
}
],
"category": "product_name",
"name": "MySQL Cluster"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/8.0.0|\u003c=8.0.41",
"product": {
"name": "vers:semver/8.0.0|\u003c=8.0.41",
"product_id": "CSAFPID-2698457"
}
},
{
"category": "product_version_range",
"name": "vers:semver/8.4.0",
"product": {
"name": "vers:semver/8.4.0",
"product_id": "CSAFPID-2698470"
}
},
{
"category": "product_version_range",
"name": "vers:semver/8.4.0|\u003c=8.4.4",
"product": {
"name": "vers:semver/8.4.0|\u003c=8.4.4",
"product_id": "CSAFPID-2698458"
}
},
{
"category": "product_version_range",
"name": "vers:semver/9.0.0",
"product": {
"name": "vers:semver/9.0.0",
"product_id": "CSAFPID-2698471"
}
},
{
"category": "product_version_range",
"name": "vers:semver/9.0.0|\u003c=9.2.0",
"product": {
"name": "vers:semver/9.0.0|\u003c=9.2.0",
"product_id": "CSAFPID-2698459"
}
}
],
"category": "product_name",
"name": "MySQL Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/8.0.0|\u003c=8.0.41",
"product": {
"name": "vers:semver/8.0.0|\u003c=8.0.41",
"product_id": "CSAFPID-2698636"
}
},
{
"category": "product_version_range",
"name": "vers:semver/8.4.0|\u003c=8.4.4",
"product": {
"name": "vers:semver/8.4.0|\u003c=8.4.4",
"product_id": "CSAFPID-2698637"
}
},
{
"category": "product_version_range",
"name": "vers:semver/9.0.0|\u003c=9.2.0",
"product": {
"name": "vers:semver/9.0.0|\u003c=9.2.0",
"product_id": "CSAFPID-2698638"
}
}
],
"category": "product_name",
"name": "MySQL Client"
}
],
"category": "vendor",
"name": "Oracle Corporation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7254",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-13176",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "other",
"text": "Covert Timing Channel",
"title": "CWE-385"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-13176",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-13176.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2024-13176"
},
{
"cve": "CVE-2024-40896",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-40896",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40896.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2024-40896"
},
{
"cve": "CVE-2025-21574",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21574",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21574.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-21574"
},
{
"cve": "CVE-2025-21575",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21575",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21575.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-21575"
},
{
"cve": "CVE-2025-21577",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21577",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21577.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-21577"
},
{
"cve": "CVE-2025-21579",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21579",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21579.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-21579"
},
{
"cve": "CVE-2025-21580",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21580",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21580.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-21580"
},
{
"cve": "CVE-2025-21581",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21581",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21581.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-21581"
},
{
"cve": "CVE-2025-21583",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21583",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21583.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-21583"
},
{
"cve": "CVE-2025-21584",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21584",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21584.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-21584"
},
{
"cve": "CVE-2025-21585",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21585",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21585.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-21585"
},
{
"cve": "CVE-2025-21588",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21588",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21588.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-21588"
},
{
"cve": "CVE-2025-30681",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30681",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30681.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30681"
},
{
"cve": "CVE-2025-30682",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30682",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30682.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30682"
},
{
"cve": "CVE-2025-30683",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30683",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30683.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30683"
},
{
"cve": "CVE-2025-30684",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30684",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30684.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30684"
},
{
"cve": "CVE-2025-30685",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30685",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30685.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30685"
},
{
"cve": "CVE-2025-30687",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30687",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30687.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30687"
},
{
"cve": "CVE-2025-30688",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30688",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30688.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30688"
},
{
"cve": "CVE-2025-30689",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30689",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30689.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30689"
},
{
"cve": "CVE-2025-30693",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30693",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30693.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30693"
},
{
"cve": "CVE-2025-30695",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30695",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30695.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30695"
},
{
"cve": "CVE-2025-30696",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30696",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30696.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30696"
},
{
"cve": "CVE-2025-30699",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30699",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30699"
},
{
"cve": "CVE-2025-30703",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30703",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30703.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30703"
},
{
"cve": "CVE-2025-30704",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30704",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30704.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30704"
},
{
"cve": "CVE-2025-30705",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30705",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30705.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30705"
},
{
"cve": "CVE-2025-30706",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "other",
"text": "Incorrect Default Permissions",
"title": "CWE-276"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30706",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30706.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30706"
},
{
"cve": "CVE-2025-30710",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30710",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30710.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30710"
},
{
"cve": "CVE-2025-30714",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30714",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30714.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30714"
},
{
"cve": "CVE-2025-30715",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30715",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30715.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30715"
},
{
"cve": "CVE-2025-30721",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30721",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30721.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30721"
},
{
"cve": "CVE-2025-30722",
"product_status": {
"known_affected": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30722",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30722.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698980",
"CSAFPID-2699095",
"CSAFPID-2698978",
"CSAFPID-2698495",
"CSAFPID-2699104",
"CSAFPID-2699103",
"CSAFPID-2699102",
"CSAFPID-2699105",
"CSAFPID-2698453",
"CSAFPID-2698454",
"CSAFPID-2698455",
"CSAFPID-2698456",
"CSAFPID-2698983",
"CSAFPID-2698981",
"CSAFPID-2698977",
"CSAFPID-2699112",
"CSAFPID-2699113",
"CSAFPID-2698457",
"CSAFPID-2698470",
"CSAFPID-2698458",
"CSAFPID-2698471",
"CSAFPID-2698459",
"CSAFPID-2699174",
"CSAFPID-2699172",
"CSAFPID-2699173",
"CSAFPID-2698636",
"CSAFPID-2698637",
"CSAFPID-2698638",
"CSAFPID-2698982",
"CSAFPID-2698976",
"CSAFPID-2698979"
]
}
],
"title": "CVE-2025-30722"
}
]
}
tid-330
Vulnerability from emb3d
Type
Description
Algorithms or code implementations of cryptographic processes will sometimes leak information by ending operations early or late based on, and correlated with, the input/key. If a threat actor is able to execute code on a processor performing a cryptographic operation, they may be able to infer the resulting key from that operation by measuring the timing it takes to perform the various functions.
CWE
- CWE-208: Observable Timing Discrepancy (Base)
- CWE-1254: Incorrect Comparison Logic Granularity (Base)
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…