Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-20852 (GCVE-0-2018-20852)
Vulnerability from cvelistv5 – Published: 2019-07-13 20:29 – Updated: 2024-08-05 12:12
VLAI
EPSS
Summary
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
18 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:12:29.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.python.org/issue35121"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://python-security.readthedocs.io/vuln/cookie-domain-check.html"
},
{
"name": "[debian-lts-announce] 20190817 [SECURITY] [DLA 1889-1] python3.4 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html"
},
{
"name": "openSUSE-SU-2019:1988",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html"
},
{
"name": "openSUSE-SU-2019:1989",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html"
},
{
"name": "[debian-lts-announce] 20190831 [SECURITY] [DLA 1906-1] python2.7 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00040.html"
},
{
"name": "USN-4127-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4127-2/"
},
{
"name": "USN-4127-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4127-1/"
},
{
"name": "RHSA-2019:3725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3725"
},
{
"name": "FEDORA-2019-0d3fcae639",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/"
},
{
"name": "FEDORA-2019-74ba24605e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/"
},
{
"name": "FEDORA-2019-758824a3ff",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/"
},
{
"name": "RHSA-2019:3948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3948"
},
{
"name": "openSUSE-SU-2020:0086",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
},
{
"name": "GLSA-202003-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-22T16:06:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.python.org/issue35121"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://python-security.readthedocs.io/vuln/cookie-domain-check.html"
},
{
"name": "[debian-lts-announce] 20190817 [SECURITY] [DLA 1889-1] python3.4 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html"
},
{
"name": "openSUSE-SU-2019:1988",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html"
},
{
"name": "openSUSE-SU-2019:1989",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html"
},
{
"name": "[debian-lts-announce] 20190831 [SECURITY] [DLA 1906-1] python2.7 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00040.html"
},
{
"name": "USN-4127-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4127-2/"
},
{
"name": "USN-4127-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4127-1/"
},
{
"name": "RHSA-2019:3725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3725"
},
{
"name": "FEDORA-2019-0d3fcae639",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/"
},
{
"name": "FEDORA-2019-74ba24605e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/"
},
{
"name": "FEDORA-2019-758824a3ff",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/"
},
{
"name": "RHSA-2019:3948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3948"
},
{
"name": "openSUSE-SU-2020:0086",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
},
{
"name": "GLSA-202003-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.python.org/issue35121",
"refsource": "MISC",
"url": "https://bugs.python.org/issue35121"
},
{
"name": "https://python-security.readthedocs.io/vuln/cookie-domain-check.html",
"refsource": "MISC",
"url": "https://python-security.readthedocs.io/vuln/cookie-domain-check.html"
},
{
"name": "[debian-lts-announce] 20190817 [SECURITY] [DLA 1889-1] python3.4 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html"
},
{
"name": "openSUSE-SU-2019:1988",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html"
},
{
"name": "openSUSE-SU-2019:1989",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html"
},
{
"name": "[debian-lts-announce] 20190831 [SECURITY] [DLA 1906-1] python2.7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00040.html"
},
{
"name": "USN-4127-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4127-2/"
},
{
"name": "USN-4127-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4127-1/"
},
{
"name": "RHSA-2019:3725",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3725"
},
{
"name": "FEDORA-2019-0d3fcae639",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/"
},
{
"name": "FEDORA-2019-74ba24605e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/"
},
{
"name": "FEDORA-2019-758824a3ff",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/"
},
{
"name": "RHSA-2019:3948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3948"
},
{
"name": "openSUSE-SU-2020:0086",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
},
{
"name": "GLSA-202003-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-26"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20852",
"datePublished": "2019-07-13T20:29:42.000Z",
"dateReserved": "2019-07-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:12:29.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-20852",
"date": "2026-06-01",
"epss": "0.01665",
"percentile": "0.82401"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0\", \"versionEndIncluding\": \"2.7.16\", \"matchCriteriaId\": \"573B27AF-F9CA-4DA8-89B2-6AD6D61CDFDE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndExcluding\": \"3.4.10\", \"matchCriteriaId\": \"C1E55AC4-366D-497C-A541-A7BA86084846\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.5.0\", \"versionEndExcluding\": \"3.5.7\", \"matchCriteriaId\": \"BA03C7E0-BBBD-48B7-8B55-D21114F7AE78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.6.0\", \"versionEndExcluding\": \"3.6.9\", \"matchCriteriaId\": \"2C052B2D-757B-4342-8BE9-510A08599779\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.7.0\", \"versionEndExcluding\": \"3.7.3\", \"matchCriteriaId\": \"4C910F83-E507-4572-93B0-740BFBA89B7A\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.\"}, {\"lang\": \"es\", \"value\": \"http.cookiejar.DefaultPolicy.domain_return_ok en Lib / http / cookiejar.py en Python en versiones anteriores a la 3.7.3 no valida correctamente el dominio: se puede enga\\u00f1ar para que env\\u00ede las cookies existentes al servidor incorrecto. Un atacante puede abusar de este fallo al usar un servidor con un nombre de host que tiene otro nombre de host v\\u00e1lido como sufijo (por ejemplo, pythonicexample.com para robar cookies para example.com). Cuando un programa utiliza http.cookiejar.DefaultPolicy e intenta hacer una conexi\\u00f3n HTTP a un servidor controlado por un atacante, las cookies existentes pueden ser filtradas al atacante. Esto afecta a la versi\\u00f3n 2.x hasta la versi\\u00f3n 2.7.16, versi\\u00f3n 3.x en versiones anteriores a la 3.4.10, versi\\u00f3n 3.5.x en versiones anteriores a la 3.5.7, versi\\u00f3n 3.6.x en versiones anteriores a la 3.6.9 y versi\\u00f3n 3.7.x en versiones anteriores a la 3.7.3.\"}]",
"id": "CVE-2018-20852",
"lastModified": "2024-11-21T04:02:18.780",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-07-13T21:15:10.377",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3725\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3948\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugs.python.org/issue35121\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/08/msg00040.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://python-security.readthedocs.io/vuln/cookie-domain-check.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-26\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/4127-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/4127-2/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3725\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3948\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.python.org/issue35121\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/08/msg00040.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://python-security.readthedocs.io/vuln/cookie-domain-check.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-26\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/4127-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/4127-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-20852\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-07-13T21:15:10.377\",\"lastModified\":\"2024-11-21T04:02:18.780\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.\"},{\"lang\":\"es\",\"value\":\"http.cookiejar.DefaultPolicy.domain_return_ok en Lib / http / cookiejar.py en Python en versiones anteriores a la 3.7.3 no valida correctamente el dominio: se puede enga\u00f1ar para que env\u00ede las cookies existentes al servidor incorrecto. Un atacante puede abusar de este fallo al usar un servidor con un nombre de host que tiene otro nombre de host v\u00e1lido como sufijo (por ejemplo, pythonicexample.com para robar cookies para example.com). Cuando un programa utiliza http.cookiejar.DefaultPolicy e intenta hacer una conexi\u00f3n HTTP a un servidor controlado por un atacante, las cookies existentes pueden ser filtradas al atacante. Esto afecta a la versi\u00f3n 2.x hasta la versi\u00f3n 2.7.16, versi\u00f3n 3.x en versiones anteriores a la 3.4.10, versi\u00f3n 3.5.x en versiones anteriores a la 3.5.7, versi\u00f3n 3.6.x en versiones anteriores a la 3.6.9 y versi\u00f3n 3.7.x en versiones anteriores a la 3.7.3.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0\",\"versionEndIncluding\":\"2.7.16\",\"matchCriteriaId\":\"573B27AF-F9CA-4DA8-89B2-6AD6D61CDFDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.4.10\",\"matchCriteriaId\":\"C1E55AC4-366D-497C-A541-A7BA86084846\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.5.0\",\"versionEndExcluding\":\"3.5.7\",\"matchCriteriaId\":\"BA03C7E0-BBBD-48B7-8B55-D21114F7AE78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.6.0\",\"versionEndExcluding\":\"3.6.9\",\"matchCriteriaId\":\"2C052B2D-757B-4342-8BE9-510A08599779\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.7.0\",\"versionEndExcluding\":\"3.7.3\",\"matchCriteriaId\":\"4C910F83-E507-4572-93B0-740BFBA89B7A\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3725\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3948\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.python.org/issue35121\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00040.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://python-security.readthedocs.io/vuln/cookie-domain-check.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-26\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4127-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4127-2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3725\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3948\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.python.org/issue35121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://python-security.readthedocs.io/vuln/cookie-domain-check.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-26\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4127-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4127-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
GSD-2018-20852
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-20852",
"description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
"id": "GSD-2018-20852",
"references": [
"https://www.suse.com/security/cve/CVE-2018-20852.html",
"https://access.redhat.com/errata/RHSA-2020:1764",
"https://access.redhat.com/errata/RHSA-2020:1605",
"https://access.redhat.com/errata/RHBA-2020:1540",
"https://access.redhat.com/errata/RHBA-2020:1539",
"https://access.redhat.com/errata/RHSA-2020:1132",
"https://access.redhat.com/errata/RHSA-2020:1131",
"https://access.redhat.com/errata/RHSA-2019:3948",
"https://access.redhat.com/errata/RHSA-2019:3725",
"https://ubuntu.com/security/CVE-2018-20852",
"https://alas.aws.amazon.com/cve/html/CVE-2018-20852.html",
"https://linux.oracle.com/cve/CVE-2018-20852.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-20852"
],
"details": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
"id": "GSD-2018-20852",
"modified": "2023-12-13T01:22:29.358880Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.python.org/issue35121",
"refsource": "MISC",
"url": "https://bugs.python.org/issue35121"
},
{
"name": "https://python-security.readthedocs.io/vuln/cookie-domain-check.html",
"refsource": "MISC",
"url": "https://python-security.readthedocs.io/vuln/cookie-domain-check.html"
},
{
"name": "[debian-lts-announce] 20190817 [SECURITY] [DLA 1889-1] python3.4 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html"
},
{
"name": "openSUSE-SU-2019:1988",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html"
},
{
"name": "openSUSE-SU-2019:1989",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html"
},
{
"name": "[debian-lts-announce] 20190831 [SECURITY] [DLA 1906-1] python2.7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00040.html"
},
{
"name": "USN-4127-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4127-2/"
},
{
"name": "USN-4127-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4127-1/"
},
{
"name": "RHSA-2019:3725",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3725"
},
{
"name": "FEDORA-2019-0d3fcae639",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/"
},
{
"name": "FEDORA-2019-74ba24605e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/"
},
{
"name": "FEDORA-2019-758824a3ff",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/"
},
{
"name": "RHSA-2019:3948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3948"
},
{
"name": "openSUSE-SU-2020:0086",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
},
{
"name": "GLSA-202003-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-26"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.7",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.7.16",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.3",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.6.9",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.4.10",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20852"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.python.org/issue35121",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.python.org/issue35121"
},
{
"name": "https://python-security.readthedocs.io/vuln/cookie-domain-check.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://python-security.readthedocs.io/vuln/cookie-domain-check.html"
},
{
"name": "[debian-lts-announce] 20190817 [SECURITY] [DLA 1889-1] python3.4 security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html"
},
{
"name": "openSUSE-SU-2019:1988",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html"
},
{
"name": "openSUSE-SU-2019:1989",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html"
},
{
"name": "[debian-lts-announce] 20190831 [SECURITY] [DLA 1906-1] python2.7 security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00040.html"
},
{
"name": "USN-4127-2",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4127-2/"
},
{
"name": "USN-4127-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4127-1/"
},
{
"name": "RHSA-2019:3725",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:3725"
},
{
"name": "FEDORA-2019-0d3fcae639",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/"
},
{
"name": "FEDORA-2019-74ba24605e",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/"
},
{
"name": "FEDORA-2019-758824a3ff",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/"
},
{
"name": "RHSA-2019:3948",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:3948"
},
{
"name": "openSUSE-SU-2020:0086",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
},
{
"name": "GLSA-202003-26",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/202003-26"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2020-08-22T17:15Z",
"publishedDate": "2019-07-13T21:15Z"
}
}
}
OPENSUSE-SU-2019:1988-1
Vulnerability from csaf_opensuse - Published: 2019-08-23 10:25 - Updated: 2019-08-23 10:25Summary
Security update for python
Severity
Moderate
Notes
Title of the patch: Security update for python
Description of the patch: This update for python fixes the following issues:
- CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-1988
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:python-2.7.14-lp150.6.17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python-2.7.14-lp150.6.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python-32bit-2.7.14-lp150.6.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python-curses-2.7.14-lp150.6.17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python-curses-2.7.14-lp150.6.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python-demo-2.7.14-lp150.6.17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python-demo-2.7.14-lp150.6.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python-gdbm-2.7.14-lp150.6.17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python-gdbm-2.7.14-lp150.6.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python-idle-2.7.14-lp150.6.17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python-idle-2.7.14-lp150.6.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python-tk-2.7.14-lp150.6.17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python-tk-2.7.14-lp150.6.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python fixes the following issues:\n\n- CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1988",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1988-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1988-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FN4KSSOYAZVKWJ6LVNFARMICI7FNMU4U/#FN4KSSOYAZVKWJ6LVNFARMICI7FNMU4U"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1988-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FN4KSSOYAZVKWJ6LVNFARMICI7FNMU4U/#FN4KSSOYAZVKWJ6LVNFARMICI7FNMU4U"
},
{
"category": "self",
"summary": "SUSE Bug 1141853",
"url": "https://bugzilla.suse.com/1141853"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20852 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20852/"
}
],
"title": "Security update for python",
"tracking": {
"current_release_date": "2019-08-23T10:25:45Z",
"generator": {
"date": "2019-08-23T10:25:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1988-1",
"initial_release_date": "2019-08-23T10:25:45Z",
"revision_history": [
{
"date": "2019-08-23T10:25:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-2.7.14-lp150.6.17.1.i586",
"product": {
"name": "python-2.7.14-lp150.6.17.1.i586",
"product_id": "python-2.7.14-lp150.6.17.1.i586"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.14-lp150.6.17.1.i586",
"product": {
"name": "python-curses-2.7.14-lp150.6.17.1.i586",
"product_id": "python-curses-2.7.14-lp150.6.17.1.i586"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.14-lp150.6.17.1.i586",
"product": {
"name": "python-demo-2.7.14-lp150.6.17.1.i586",
"product_id": "python-demo-2.7.14-lp150.6.17.1.i586"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.14-lp150.6.17.1.i586",
"product": {
"name": "python-gdbm-2.7.14-lp150.6.17.1.i586",
"product_id": "python-gdbm-2.7.14-lp150.6.17.1.i586"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.14-lp150.6.17.1.i586",
"product": {
"name": "python-idle-2.7.14-lp150.6.17.1.i586",
"product_id": "python-idle-2.7.14-lp150.6.17.1.i586"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.14-lp150.6.17.1.i586",
"product": {
"name": "python-tk-2.7.14-lp150.6.17.1.i586",
"product_id": "python-tk-2.7.14-lp150.6.17.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python-2.7.14-lp150.6.17.1.x86_64",
"product": {
"name": "python-2.7.14-lp150.6.17.1.x86_64",
"product_id": "python-2.7.14-lp150.6.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-32bit-2.7.14-lp150.6.17.1.x86_64",
"product": {
"name": "python-32bit-2.7.14-lp150.6.17.1.x86_64",
"product_id": "python-32bit-2.7.14-lp150.6.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.14-lp150.6.17.1.x86_64",
"product": {
"name": "python-curses-2.7.14-lp150.6.17.1.x86_64",
"product_id": "python-curses-2.7.14-lp150.6.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.14-lp150.6.17.1.x86_64",
"product": {
"name": "python-demo-2.7.14-lp150.6.17.1.x86_64",
"product_id": "python-demo-2.7.14-lp150.6.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.14-lp150.6.17.1.x86_64",
"product": {
"name": "python-gdbm-2.7.14-lp150.6.17.1.x86_64",
"product_id": "python-gdbm-2.7.14-lp150.6.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.14-lp150.6.17.1.x86_64",
"product": {
"name": "python-idle-2.7.14-lp150.6.17.1.x86_64",
"product_id": "python-idle-2.7.14-lp150.6.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.14-lp150.6.17.1.x86_64",
"product": {
"name": "python-tk-2.7.14-lp150.6.17.1.x86_64",
"product_id": "python-tk-2.7.14-lp150.6.17.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.14-lp150.6.17.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python-2.7.14-lp150.6.17.1.i586"
},
"product_reference": "python-2.7.14-lp150.6.17.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.14-lp150.6.17.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python-2.7.14-lp150.6.17.1.x86_64"
},
"product_reference": "python-2.7.14-lp150.6.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-32bit-2.7.14-lp150.6.17.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python-32bit-2.7.14-lp150.6.17.1.x86_64"
},
"product_reference": "python-32bit-2.7.14-lp150.6.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.14-lp150.6.17.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python-curses-2.7.14-lp150.6.17.1.i586"
},
"product_reference": "python-curses-2.7.14-lp150.6.17.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.14-lp150.6.17.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python-curses-2.7.14-lp150.6.17.1.x86_64"
},
"product_reference": "python-curses-2.7.14-lp150.6.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-demo-2.7.14-lp150.6.17.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python-demo-2.7.14-lp150.6.17.1.i586"
},
"product_reference": "python-demo-2.7.14-lp150.6.17.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-demo-2.7.14-lp150.6.17.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python-demo-2.7.14-lp150.6.17.1.x86_64"
},
"product_reference": "python-demo-2.7.14-lp150.6.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.14-lp150.6.17.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python-gdbm-2.7.14-lp150.6.17.1.i586"
},
"product_reference": "python-gdbm-2.7.14-lp150.6.17.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.14-lp150.6.17.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python-gdbm-2.7.14-lp150.6.17.1.x86_64"
},
"product_reference": "python-gdbm-2.7.14-lp150.6.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idle-2.7.14-lp150.6.17.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python-idle-2.7.14-lp150.6.17.1.i586"
},
"product_reference": "python-idle-2.7.14-lp150.6.17.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idle-2.7.14-lp150.6.17.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python-idle-2.7.14-lp150.6.17.1.x86_64"
},
"product_reference": "python-idle-2.7.14-lp150.6.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tk-2.7.14-lp150.6.17.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python-tk-2.7.14-lp150.6.17.1.i586"
},
"product_reference": "python-tk-2.7.14-lp150.6.17.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tk-2.7.14-lp150.6.17.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python-tk-2.7.14-lp150.6.17.1.x86_64"
},
"product_reference": "python-tk-2.7.14-lp150.6.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-20852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20852"
}
],
"notes": [
{
"category": "general",
"text": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:python-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-32bit-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-curses-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-curses-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-demo-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-demo-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-gdbm-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-gdbm-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-idle-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-idle-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-tk-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-tk-2.7.14-lp150.6.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20852",
"url": "https://www.suse.com/security/cve/CVE-2018-20852"
},
{
"category": "external",
"summary": "SUSE Bug 1141853 for CVE-2018-20852",
"url": "https://bugzilla.suse.com/1141853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:python-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-32bit-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-curses-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-curses-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-demo-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-demo-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-gdbm-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-gdbm-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-idle-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-idle-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-tk-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-tk-2.7.14-lp150.6.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:python-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-32bit-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-curses-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-curses-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-demo-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-demo-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-gdbm-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-gdbm-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-idle-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-idle-2.7.14-lp150.6.17.1.x86_64",
"openSUSE Leap 15.0:python-tk-2.7.14-lp150.6.17.1.i586",
"openSUSE Leap 15.0:python-tk-2.7.14-lp150.6.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-23T10:25:45Z",
"details": "moderate"
}
],
"title": "CVE-2018-20852"
}
]
}
OPENSUSE-SU-2019:1989-1
Vulnerability from csaf_opensuse - Published: 2019-08-23 10:25 - Updated: 2019-08-23 10:25Summary
Security update for python
Severity
Moderate
Notes
Title of the patch: Security update for python
Description of the patch: This update for python fixes the following issues:
- CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-1989
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython2_7-1_0-2.7.14-lp151.10.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython2_7-1_0-2.7.14-lp151.10.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython2_7-1_0-32bit-2.7.14-lp151.10.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-2.7.14-lp151.10.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-2.7.14-lp151.10.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-32bit-2.7.14-lp151.10.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-base-2.7.14-lp151.10.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-base-2.7.14-lp151.10.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-base-32bit-2.7.14-lp151.10.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-curses-2.7.14-lp151.10.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-curses-2.7.14-lp151.10.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-demo-2.7.14-lp151.10.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-demo-2.7.14-lp151.10.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-devel-2.7.14-lp151.10.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-devel-2.7.14-lp151.10.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-doc-2.7.14-lp151.10.7.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-doc-pdf-2.7.14-lp151.10.7.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gdbm-2.7.14-lp151.10.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gdbm-2.7.14-lp151.10.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-idle-2.7.14-lp151.10.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-idle-2.7.14-lp151.10.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-tk-2.7.14-lp151.10.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-tk-2.7.14-lp151.10.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-xml-2.7.14-lp151.10.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-xml-2.7.14-lp151.10.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python fixes the following issues:\n\n- CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1989",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1989-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1989-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QVPJ24WT4VQT4UAT45QHBIGS74L2XEU7/#QVPJ24WT4VQT4UAT45QHBIGS74L2XEU7"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1989-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QVPJ24WT4VQT4UAT45QHBIGS74L2XEU7/#QVPJ24WT4VQT4UAT45QHBIGS74L2XEU7"
},
{
"category": "self",
"summary": "SUSE Bug 1141853",
"url": "https://bugzilla.suse.com/1141853"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20852 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20852/"
}
],
"title": "Security update for python",
"tracking": {
"current_release_date": "2019-08-23T10:25:57Z",
"generator": {
"date": "2019-08-23T10:25:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1989-1",
"initial_release_date": "2019-08-23T10:25:57Z",
"revision_history": [
{
"date": "2019-08-23T10:25:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.14-lp151.10.7.1.i586",
"product": {
"name": "libpython2_7-1_0-2.7.14-lp151.10.7.1.i586",
"product_id": "libpython2_7-1_0-2.7.14-lp151.10.7.1.i586"
}
},
{
"category": "product_version",
"name": "python-2.7.14-lp151.10.7.1.i586",
"product": {
"name": "python-2.7.14-lp151.10.7.1.i586",
"product_id": "python-2.7.14-lp151.10.7.1.i586"
}
},
{
"category": "product_version",
"name": "python-base-2.7.14-lp151.10.7.1.i586",
"product": {
"name": "python-base-2.7.14-lp151.10.7.1.i586",
"product_id": "python-base-2.7.14-lp151.10.7.1.i586"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.14-lp151.10.7.1.i586",
"product": {
"name": "python-curses-2.7.14-lp151.10.7.1.i586",
"product_id": "python-curses-2.7.14-lp151.10.7.1.i586"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.14-lp151.10.7.1.i586",
"product": {
"name": "python-demo-2.7.14-lp151.10.7.1.i586",
"product_id": "python-demo-2.7.14-lp151.10.7.1.i586"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.14-lp151.10.7.1.i586",
"product": {
"name": "python-devel-2.7.14-lp151.10.7.1.i586",
"product_id": "python-devel-2.7.14-lp151.10.7.1.i586"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.14-lp151.10.7.1.i586",
"product": {
"name": "python-gdbm-2.7.14-lp151.10.7.1.i586",
"product_id": "python-gdbm-2.7.14-lp151.10.7.1.i586"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.14-lp151.10.7.1.i586",
"product": {
"name": "python-idle-2.7.14-lp151.10.7.1.i586",
"product_id": "python-idle-2.7.14-lp151.10.7.1.i586"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.14-lp151.10.7.1.i586",
"product": {
"name": "python-tk-2.7.14-lp151.10.7.1.i586",
"product_id": "python-tk-2.7.14-lp151.10.7.1.i586"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.14-lp151.10.7.1.i586",
"product": {
"name": "python-xml-2.7.14-lp151.10.7.1.i586",
"product_id": "python-xml-2.7.14-lp151.10.7.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python-doc-2.7.14-lp151.10.7.1.noarch",
"product": {
"name": "python-doc-2.7.14-lp151.10.7.1.noarch",
"product_id": "python-doc-2.7.14-lp151.10.7.1.noarch"
}
},
{
"category": "product_version",
"name": "python-doc-pdf-2.7.14-lp151.10.7.1.noarch",
"product": {
"name": "python-doc-pdf-2.7.14-lp151.10.7.1.noarch",
"product_id": "python-doc-pdf-2.7.14-lp151.10.7.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.14-lp151.10.7.1.x86_64",
"product": {
"name": "libpython2_7-1_0-2.7.14-lp151.10.7.1.x86_64",
"product_id": "libpython2_7-1_0-2.7.14-lp151.10.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpython2_7-1_0-32bit-2.7.14-lp151.10.7.1.x86_64",
"product": {
"name": "libpython2_7-1_0-32bit-2.7.14-lp151.10.7.1.x86_64",
"product_id": "libpython2_7-1_0-32bit-2.7.14-lp151.10.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-2.7.14-lp151.10.7.1.x86_64",
"product": {
"name": "python-2.7.14-lp151.10.7.1.x86_64",
"product_id": "python-2.7.14-lp151.10.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-32bit-2.7.14-lp151.10.7.1.x86_64",
"product": {
"name": "python-32bit-2.7.14-lp151.10.7.1.x86_64",
"product_id": "python-32bit-2.7.14-lp151.10.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-base-2.7.14-lp151.10.7.1.x86_64",
"product": {
"name": "python-base-2.7.14-lp151.10.7.1.x86_64",
"product_id": "python-base-2.7.14-lp151.10.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-base-32bit-2.7.14-lp151.10.7.1.x86_64",
"product": {
"name": "python-base-32bit-2.7.14-lp151.10.7.1.x86_64",
"product_id": "python-base-32bit-2.7.14-lp151.10.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.14-lp151.10.7.1.x86_64",
"product": {
"name": "python-curses-2.7.14-lp151.10.7.1.x86_64",
"product_id": "python-curses-2.7.14-lp151.10.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.14-lp151.10.7.1.x86_64",
"product": {
"name": "python-demo-2.7.14-lp151.10.7.1.x86_64",
"product_id": "python-demo-2.7.14-lp151.10.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.14-lp151.10.7.1.x86_64",
"product": {
"name": "python-devel-2.7.14-lp151.10.7.1.x86_64",
"product_id": "python-devel-2.7.14-lp151.10.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.14-lp151.10.7.1.x86_64",
"product": {
"name": "python-gdbm-2.7.14-lp151.10.7.1.x86_64",
"product_id": "python-gdbm-2.7.14-lp151.10.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.14-lp151.10.7.1.x86_64",
"product": {
"name": "python-idle-2.7.14-lp151.10.7.1.x86_64",
"product_id": "python-idle-2.7.14-lp151.10.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.14-lp151.10.7.1.x86_64",
"product": {
"name": "python-tk-2.7.14-lp151.10.7.1.x86_64",
"product_id": "python-tk-2.7.14-lp151.10.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.14-lp151.10.7.1.x86_64",
"product": {
"name": "python-xml-2.7.14-lp151.10.7.1.x86_64",
"product_id": "python-xml-2.7.14-lp151.10.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.14-lp151.10.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpython2_7-1_0-2.7.14-lp151.10.7.1.i586"
},
"product_reference": "libpython2_7-1_0-2.7.14-lp151.10.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.14-lp151.10.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpython2_7-1_0-2.7.14-lp151.10.7.1.x86_64"
},
"product_reference": "libpython2_7-1_0-2.7.14-lp151.10.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-32bit-2.7.14-lp151.10.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpython2_7-1_0-32bit-2.7.14-lp151.10.7.1.x86_64"
},
"product_reference": "libpython2_7-1_0-32bit-2.7.14-lp151.10.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.14-lp151.10.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-2.7.14-lp151.10.7.1.i586"
},
"product_reference": "python-2.7.14-lp151.10.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.14-lp151.10.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-2.7.14-lp151.10.7.1.x86_64"
},
"product_reference": "python-2.7.14-lp151.10.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-32bit-2.7.14-lp151.10.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-32bit-2.7.14-lp151.10.7.1.x86_64"
},
"product_reference": "python-32bit-2.7.14-lp151.10.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.14-lp151.10.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-base-2.7.14-lp151.10.7.1.i586"
},
"product_reference": "python-base-2.7.14-lp151.10.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.14-lp151.10.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-base-2.7.14-lp151.10.7.1.x86_64"
},
"product_reference": "python-base-2.7.14-lp151.10.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-32bit-2.7.14-lp151.10.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-base-32bit-2.7.14-lp151.10.7.1.x86_64"
},
"product_reference": "python-base-32bit-2.7.14-lp151.10.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.14-lp151.10.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-curses-2.7.14-lp151.10.7.1.i586"
},
"product_reference": "python-curses-2.7.14-lp151.10.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.14-lp151.10.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-curses-2.7.14-lp151.10.7.1.x86_64"
},
"product_reference": "python-curses-2.7.14-lp151.10.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-demo-2.7.14-lp151.10.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-demo-2.7.14-lp151.10.7.1.i586"
},
"product_reference": "python-demo-2.7.14-lp151.10.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-demo-2.7.14-lp151.10.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-demo-2.7.14-lp151.10.7.1.x86_64"
},
"product_reference": "python-demo-2.7.14-lp151.10.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-2.7.14-lp151.10.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-devel-2.7.14-lp151.10.7.1.i586"
},
"product_reference": "python-devel-2.7.14-lp151.10.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-2.7.14-lp151.10.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-devel-2.7.14-lp151.10.7.1.x86_64"
},
"product_reference": "python-devel-2.7.14-lp151.10.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-doc-2.7.14-lp151.10.7.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-doc-2.7.14-lp151.10.7.1.noarch"
},
"product_reference": "python-doc-2.7.14-lp151.10.7.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-doc-pdf-2.7.14-lp151.10.7.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-doc-pdf-2.7.14-lp151.10.7.1.noarch"
},
"product_reference": "python-doc-pdf-2.7.14-lp151.10.7.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.14-lp151.10.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-gdbm-2.7.14-lp151.10.7.1.i586"
},
"product_reference": "python-gdbm-2.7.14-lp151.10.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.14-lp151.10.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-gdbm-2.7.14-lp151.10.7.1.x86_64"
},
"product_reference": "python-gdbm-2.7.14-lp151.10.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idle-2.7.14-lp151.10.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-idle-2.7.14-lp151.10.7.1.i586"
},
"product_reference": "python-idle-2.7.14-lp151.10.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idle-2.7.14-lp151.10.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-idle-2.7.14-lp151.10.7.1.x86_64"
},
"product_reference": "python-idle-2.7.14-lp151.10.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tk-2.7.14-lp151.10.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-tk-2.7.14-lp151.10.7.1.i586"
},
"product_reference": "python-tk-2.7.14-lp151.10.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tk-2.7.14-lp151.10.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-tk-2.7.14-lp151.10.7.1.x86_64"
},
"product_reference": "python-tk-2.7.14-lp151.10.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.14-lp151.10.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-xml-2.7.14-lp151.10.7.1.i586"
},
"product_reference": "python-xml-2.7.14-lp151.10.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.14-lp151.10.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-xml-2.7.14-lp151.10.7.1.x86_64"
},
"product_reference": "python-xml-2.7.14-lp151.10.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-20852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20852"
}
],
"notes": [
{
"category": "general",
"text": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython2_7-1_0-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:libpython2_7-1_0-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:libpython2_7-1_0-32bit-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-32bit-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-base-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-base-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-base-32bit-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-curses-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-curses-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-demo-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-demo-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-devel-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-devel-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-doc-2.7.14-lp151.10.7.1.noarch",
"openSUSE Leap 15.1:python-doc-pdf-2.7.14-lp151.10.7.1.noarch",
"openSUSE Leap 15.1:python-gdbm-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-gdbm-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-idle-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-idle-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-tk-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-tk-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-xml-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-xml-2.7.14-lp151.10.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20852",
"url": "https://www.suse.com/security/cve/CVE-2018-20852"
},
{
"category": "external",
"summary": "SUSE Bug 1141853 for CVE-2018-20852",
"url": "https://bugzilla.suse.com/1141853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython2_7-1_0-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:libpython2_7-1_0-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:libpython2_7-1_0-32bit-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-32bit-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-base-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-base-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-base-32bit-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-curses-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-curses-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-demo-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-demo-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-devel-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-devel-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-doc-2.7.14-lp151.10.7.1.noarch",
"openSUSE Leap 15.1:python-doc-pdf-2.7.14-lp151.10.7.1.noarch",
"openSUSE Leap 15.1:python-gdbm-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-gdbm-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-idle-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-idle-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-tk-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-tk-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-xml-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-xml-2.7.14-lp151.10.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython2_7-1_0-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:libpython2_7-1_0-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:libpython2_7-1_0-32bit-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-32bit-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-base-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-base-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-base-32bit-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-curses-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-curses-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-demo-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-demo-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-devel-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-devel-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-doc-2.7.14-lp151.10.7.1.noarch",
"openSUSE Leap 15.1:python-doc-pdf-2.7.14-lp151.10.7.1.noarch",
"openSUSE Leap 15.1:python-gdbm-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-gdbm-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-idle-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-idle-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-tk-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-tk-2.7.14-lp151.10.7.1.x86_64",
"openSUSE Leap 15.1:python-xml-2.7.14-lp151.10.7.1.i586",
"openSUSE Leap 15.1:python-xml-2.7.14-lp151.10.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-23T10:25:57Z",
"details": "moderate"
}
],
"title": "CVE-2018-20852"
}
]
}
OPENSUSE-SU-2020:0086-1
Vulnerability from csaf_opensuse - Published: 2020-01-21 15:12 - Updated: 2020-01-21 15:12Summary
Security update for python3
Severity
Important
Notes
Title of the patch: Security update for python3
Description of the patch: This update for python3 to version 3.6.10 fixes the following issues:
- CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).
- CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955).
- CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2020-86
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.5 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.4 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
180 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python3 to version 3.6.10 fixes the following issues:\n\n- CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).\n- CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955).\n- CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-86",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0086-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0086-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SRKGGFVSV7DDWCMAOSO6E3F66U2CF5XR/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0086-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SRKGGFVSV7DDWCMAOSO6E3F66U2CF5XR/"
},
{
"category": "self",
"summary": "SUSE Bug 1027282",
"url": "https://bugzilla.suse.com/1027282"
},
{
"category": "self",
"summary": "SUSE Bug 1029377",
"url": "https://bugzilla.suse.com/1029377"
},
{
"category": "self",
"summary": "SUSE Bug 1029902",
"url": "https://bugzilla.suse.com/1029902"
},
{
"category": "self",
"summary": "SUSE Bug 1040164",
"url": "https://bugzilla.suse.com/1040164"
},
{
"category": "self",
"summary": "SUSE Bug 1042670",
"url": "https://bugzilla.suse.com/1042670"
},
{
"category": "self",
"summary": "SUSE Bug 1070853",
"url": "https://bugzilla.suse.com/1070853"
},
{
"category": "self",
"summary": "SUSE Bug 1079761",
"url": "https://bugzilla.suse.com/1079761"
},
{
"category": "self",
"summary": "SUSE Bug 1081750",
"url": "https://bugzilla.suse.com/1081750"
},
{
"category": "self",
"summary": "SUSE Bug 1083507",
"url": "https://bugzilla.suse.com/1083507"
},
{
"category": "self",
"summary": "SUSE Bug 1086001",
"url": "https://bugzilla.suse.com/1086001"
},
{
"category": "self",
"summary": "SUSE Bug 1088004",
"url": "https://bugzilla.suse.com/1088004"
},
{
"category": "self",
"summary": "SUSE Bug 1088009",
"url": "https://bugzilla.suse.com/1088009"
},
{
"category": "self",
"summary": "SUSE Bug 1088573",
"url": "https://bugzilla.suse.com/1088573"
},
{
"category": "self",
"summary": "SUSE Bug 1094814",
"url": "https://bugzilla.suse.com/1094814"
},
{
"category": "self",
"summary": "SUSE Bug 1107030",
"url": "https://bugzilla.suse.com/1107030"
},
{
"category": "self",
"summary": "SUSE Bug 1109663",
"url": "https://bugzilla.suse.com/1109663"
},
{
"category": "self",
"summary": "SUSE Bug 1109847",
"url": "https://bugzilla.suse.com/1109847"
},
{
"category": "self",
"summary": "SUSE Bug 1120644",
"url": "https://bugzilla.suse.com/1120644"
},
{
"category": "self",
"summary": "SUSE Bug 1122191",
"url": "https://bugzilla.suse.com/1122191"
},
{
"category": "self",
"summary": "SUSE Bug 1129346",
"url": "https://bugzilla.suse.com/1129346"
},
{
"category": "self",
"summary": "SUSE Bug 1130840",
"url": "https://bugzilla.suse.com/1130840"
},
{
"category": "self",
"summary": "SUSE Bug 1133452",
"url": "https://bugzilla.suse.com/1133452"
},
{
"category": "self",
"summary": "SUSE Bug 1137942",
"url": "https://bugzilla.suse.com/1137942"
},
{
"category": "self",
"summary": "SUSE Bug 1138459",
"url": "https://bugzilla.suse.com/1138459"
},
{
"category": "self",
"summary": "SUSE Bug 1141853",
"url": "https://bugzilla.suse.com/1141853"
},
{
"category": "self",
"summary": "SUSE Bug 1149121",
"url": "https://bugzilla.suse.com/1149121"
},
{
"category": "self",
"summary": "SUSE Bug 1149792",
"url": "https://bugzilla.suse.com/1149792"
},
{
"category": "self",
"summary": "SUSE Bug 1149955",
"url": "https://bugzilla.suse.com/1149955"
},
{
"category": "self",
"summary": "SUSE Bug 1151490",
"url": "https://bugzilla.suse.com/1151490"
},
{
"category": "self",
"summary": "SUSE Bug 1153238",
"url": "https://bugzilla.suse.com/1153238"
},
{
"category": "self",
"summary": "SUSE Bug 1159035",
"url": "https://bugzilla.suse.com/1159035"
},
{
"category": "self",
"summary": "SUSE Bug 1159622",
"url": "https://bugzilla.suse.com/1159622"
},
{
"category": "self",
"summary": "SUSE Bug 637176",
"url": "https://bugzilla.suse.com/637176"
},
{
"category": "self",
"summary": "SUSE Bug 658604",
"url": "https://bugzilla.suse.com/658604"
},
{
"category": "self",
"summary": "SUSE Bug 673071",
"url": "https://bugzilla.suse.com/673071"
},
{
"category": "self",
"summary": "SUSE Bug 709442",
"url": "https://bugzilla.suse.com/709442"
},
{
"category": "self",
"summary": "SUSE Bug 743787",
"url": "https://bugzilla.suse.com/743787"
},
{
"category": "self",
"summary": "SUSE Bug 747125",
"url": "https://bugzilla.suse.com/747125"
},
{
"category": "self",
"summary": "SUSE Bug 751718",
"url": "https://bugzilla.suse.com/751718"
},
{
"category": "self",
"summary": "SUSE Bug 754447",
"url": "https://bugzilla.suse.com/754447"
},
{
"category": "self",
"summary": "SUSE Bug 754677",
"url": "https://bugzilla.suse.com/754677"
},
{
"category": "self",
"summary": "SUSE Bug 787526",
"url": "https://bugzilla.suse.com/787526"
},
{
"category": "self",
"summary": "SUSE Bug 809831",
"url": "https://bugzilla.suse.com/809831"
},
{
"category": "self",
"summary": "SUSE Bug 831629",
"url": "https://bugzilla.suse.com/831629"
},
{
"category": "self",
"summary": "SUSE Bug 834601",
"url": "https://bugzilla.suse.com/834601"
},
{
"category": "self",
"summary": "SUSE Bug 871152",
"url": "https://bugzilla.suse.com/871152"
},
{
"category": "self",
"summary": "SUSE Bug 885662",
"url": "https://bugzilla.suse.com/885662"
},
{
"category": "self",
"summary": "SUSE Bug 885882",
"url": "https://bugzilla.suse.com/885882"
},
{
"category": "self",
"summary": "SUSE Bug 917607",
"url": "https://bugzilla.suse.com/917607"
},
{
"category": "self",
"summary": "SUSE Bug 942751",
"url": "https://bugzilla.suse.com/942751"
},
{
"category": "self",
"summary": "SUSE Bug 951166",
"url": "https://bugzilla.suse.com/951166"
},
{
"category": "self",
"summary": "SUSE Bug 983582",
"url": "https://bugzilla.suse.com/983582"
},
{
"category": "self",
"summary": "SUSE Bug 984751",
"url": "https://bugzilla.suse.com/984751"
},
{
"category": "self",
"summary": "SUSE Bug 985177",
"url": "https://bugzilla.suse.com/985177"
},
{
"category": "self",
"summary": "SUSE Bug 985348",
"url": "https://bugzilla.suse.com/985348"
},
{
"category": "self",
"summary": "SUSE Bug 989523",
"url": "https://bugzilla.suse.com/989523"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-3389 page",
"url": "https://www.suse.com/security/cve/CVE-2011-3389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-4944 page",
"url": "https://www.suse.com/security/cve/CVE-2011-4944/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-0845 page",
"url": "https://www.suse.com/security/cve/CVE-2012-0845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-1150 page",
"url": "https://www.suse.com/security/cve/CVE-2012-1150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-1752 page",
"url": "https://www.suse.com/security/cve/CVE-2013-1752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-4238 page",
"url": "https://www.suse.com/security/cve/CVE-2013-4238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-2667 page",
"url": "https://www.suse.com/security/cve/CVE-2014-2667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4650 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0772 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1000110 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1000110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5636 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5699 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-18207 page",
"url": "https://www.suse.com/security/cve/CVE-2017-18207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000802 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1060 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1061 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14647 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20406 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20852 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10160 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15903 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16056 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16935 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5010 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9636 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9947 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9947/"
}
],
"title": "Security update for python3",
"tracking": {
"current_release_date": "2020-01-21T15:12:01Z",
"generator": {
"date": "2020-01-21T15:12:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0086-1",
"initial_release_date": "2020-01-21T15:12:01Z",
"revision_history": [
{
"date": "2020-01-21T15:12:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"product_id": "libpython3_6m1_0-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-base-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-base-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-base-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-curses-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-curses-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-curses-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-dbm-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-dbm-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-dbm-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-devel-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-devel-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-devel-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-idle-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-idle-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-idle-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-testsuite-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-testsuite-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-testsuite-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-tk-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-tk-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-tk-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-tools-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-tools-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-tools-3.6.10-lp151.6.7.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"product_id": "libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"product_id": "libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-32bit-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-base-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-base-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-base-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-base-32bit-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-curses-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-curses-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-curses-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-dbm-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-devel-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-devel-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-devel-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-idle-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-idle-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-idle-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-testsuite-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-tk-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-tk-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-tk-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-tools-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-tools-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-tools-3.6.10-lp151.6.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-32bit-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-base-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-base-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-base-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-base-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-curses-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-curses-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-curses-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-curses-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-dbm-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-dbm-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-dbm-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-devel-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-devel-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-devel-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-devel-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idle-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-idle-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idle-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-idle-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-testsuite-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-testsuite-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-testsuite-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tk-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-tk-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tk-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-tk-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tools-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-tools-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tools-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-tools-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-3389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-3389"
}
],
"notes": [
{
"category": "general",
"text": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-3389",
"url": "https://www.suse.com/security/cve/CVE-2011-3389"
},
{
"category": "external",
"summary": "SUSE Bug 716002 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/716002"
},
{
"category": "external",
"summary": "SUSE Bug 719047 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/719047"
},
{
"category": "external",
"summary": "SUSE Bug 725167 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/725167"
},
{
"category": "external",
"summary": "SUSE Bug 726096 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/726096"
},
{
"category": "external",
"summary": "SUSE Bug 739248 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/739248"
},
{
"category": "external",
"summary": "SUSE Bug 739256 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/739256"
},
{
"category": "external",
"summary": "SUSE Bug 742306 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/742306"
},
{
"category": "external",
"summary": "SUSE Bug 751718 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/751718"
},
{
"category": "external",
"summary": "SUSE Bug 759666 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/759666"
},
{
"category": "external",
"summary": "SUSE Bug 763598 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/763598"
},
{
"category": "external",
"summary": "SUSE Bug 814655 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/814655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2011-3389"
},
{
"cve": "CVE-2011-4944",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-4944"
}
],
"notes": [
{
"category": "general",
"text": "Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-4944",
"url": "https://www.suse.com/security/cve/CVE-2011-4944"
},
{
"category": "external",
"summary": "SUSE Bug 754447 for CVE-2011-4944",
"url": "https://bugzilla.suse.com/754447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "low"
}
],
"title": "CVE-2011-4944"
},
{
"cve": "CVE-2012-0845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-0845"
}
],
"notes": [
{
"category": "general",
"text": "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-0845",
"url": "https://www.suse.com/security/cve/CVE-2012-0845"
},
{
"category": "external",
"summary": "SUSE Bug 747125 for CVE-2012-0845",
"url": "https://bugzilla.suse.com/747125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2012-0845"
},
{
"cve": "CVE-2012-1150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-1150"
}
],
"notes": [
{
"category": "general",
"text": "Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-1150",
"url": "https://www.suse.com/security/cve/CVE-2012-1150"
},
{
"category": "external",
"summary": "SUSE Bug 751718 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/751718"
},
{
"category": "external",
"summary": "SUSE Bug 755383 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/755383"
},
{
"category": "external",
"summary": "SUSE Bug 826682 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/826682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2012-1150"
},
{
"cve": "CVE-2013-1752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-1752"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 \"Independently Fixable\" in the CVE Counting Decisions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-1752",
"url": "https://www.suse.com/security/cve/CVE-2013-1752"
},
{
"category": "external",
"summary": "SUSE Bug 856835 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/856835"
},
{
"category": "external",
"summary": "SUSE Bug 856836 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/856836"
},
{
"category": "external",
"summary": "SUSE Bug 863741 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/863741"
},
{
"category": "external",
"summary": "SUSE Bug 885882 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/885882"
},
{
"category": "external",
"summary": "SUSE Bug 898572 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/898572"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2013-1752"
},
{
"cve": "CVE-2013-4238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-4238"
}
],
"notes": [
{
"category": "general",
"text": "The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-4238",
"url": "https://www.suse.com/security/cve/CVE-2013-4238"
},
{
"category": "external",
"summary": "SUSE Bug 834601 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/834601"
},
{
"category": "external",
"summary": "SUSE Bug 839107 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/839107"
},
{
"category": "external",
"summary": "SUSE Bug 882915 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/882915"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2013-4238"
},
{
"cve": "CVE-2014-2667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-2667"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-2667",
"url": "https://www.suse.com/security/cve/CVE-2014-2667"
},
{
"category": "external",
"summary": "SUSE Bug 871152 for CVE-2014-2667",
"url": "https://bugzilla.suse.com/871152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2014-2667"
},
{
"cve": "CVE-2014-4650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4650"
}
],
"notes": [
{
"category": "general",
"text": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4650",
"url": "https://www.suse.com/security/cve/CVE-2014-4650"
},
{
"category": "external",
"summary": "SUSE Bug 856835 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/856835"
},
{
"category": "external",
"summary": "SUSE Bug 856836 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/856836"
},
{
"category": "external",
"summary": "SUSE Bug 863741 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/863741"
},
{
"category": "external",
"summary": "SUSE Bug 885882 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/885882"
},
{
"category": "external",
"summary": "SUSE Bug 898572 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/898572"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2014-4650"
},
{
"cve": "CVE-2016-0772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0772"
}
],
"notes": [
{
"category": "general",
"text": "The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a \"StartTLS stripping attack.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0772",
"url": "https://www.suse.com/security/cve/CVE-2016-0772"
},
{
"category": "external",
"summary": "SUSE Bug 984751 for CVE-2016-0772",
"url": "https://bugzilla.suse.com/984751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2016-0772"
},
{
"cve": "CVE-2016-1000110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1000110"
}
],
"notes": [
{
"category": "general",
"text": "The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1000110",
"url": "https://www.suse.com/security/cve/CVE-2016-1000110"
},
{
"category": "external",
"summary": "SUSE Bug 988484 for CVE-2016-1000110",
"url": "https://bugzilla.suse.com/988484"
},
{
"category": "external",
"summary": "SUSE Bug 989523 for CVE-2016-1000110",
"url": "https://bugzilla.suse.com/989523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2016-1000110"
},
{
"cve": "CVE-2016-5636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5636"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5636",
"url": "https://www.suse.com/security/cve/CVE-2016-5636"
},
{
"category": "external",
"summary": "SUSE Bug 1065451 for CVE-2016-5636",
"url": "https://bugzilla.suse.com/1065451"
},
{
"category": "external",
"summary": "SUSE Bug 1106262 for CVE-2016-5636",
"url": "https://bugzilla.suse.com/1106262"
},
{
"category": "external",
"summary": "SUSE Bug 985177 for CVE-2016-5636",
"url": "https://bugzilla.suse.com/985177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "important"
}
],
"title": "CVE-2016-5636"
},
{
"cve": "CVE-2016-5699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5699"
}
],
"notes": [
{
"category": "general",
"text": "CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5699",
"url": "https://www.suse.com/security/cve/CVE-2016-5699"
},
{
"category": "external",
"summary": "SUSE Bug 1122729 for CVE-2016-5699",
"url": "https://bugzilla.suse.com/1122729"
},
{
"category": "external",
"summary": "SUSE Bug 1130840 for CVE-2016-5699",
"url": "https://bugzilla.suse.com/1130840"
},
{
"category": "external",
"summary": "SUSE Bug 985348 for CVE-2016-5699",
"url": "https://bugzilla.suse.com/985348"
},
{
"category": "external",
"summary": "SUSE Bug 985351 for CVE-2016-5699",
"url": "https://bugzilla.suse.com/985351"
},
{
"category": "external",
"summary": "SUSE Bug 986630 for CVE-2016-5699",
"url": "https://bugzilla.suse.com/986630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2016-5699"
},
{
"cve": "CVE-2017-18207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-18207"
}
],
"notes": [
{
"category": "general",
"text": "** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-18207",
"url": "https://www.suse.com/security/cve/CVE-2017-18207"
},
{
"category": "external",
"summary": "SUSE Bug 1083507 for CVE-2017-18207",
"url": "https://bugzilla.suse.com/1083507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2017-18207"
},
{
"cve": "CVE-2018-1000802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000802"
}
],
"notes": [
{
"category": "general",
"text": "Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000802",
"url": "https://www.suse.com/security/cve/CVE-2018-1000802"
},
{
"category": "external",
"summary": "SUSE Bug 1109663 for CVE-2018-1000802",
"url": "https://bugzilla.suse.com/1109663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000802"
},
{
"cve": "CVE-2018-1060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1060"
}
],
"notes": [
{
"category": "general",
"text": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib\u0027s apop() method. An attacker could use this flaw to cause denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1060",
"url": "https://www.suse.com/security/cve/CVE-2018-1060"
},
{
"category": "external",
"summary": "SUSE Bug 1088009 for CVE-2018-1060",
"url": "https://bugzilla.suse.com/1088009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "low"
}
],
"title": "CVE-2018-1060"
},
{
"cve": "CVE-2018-1061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1061"
}
],
"notes": [
{
"category": "general",
"text": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1061",
"url": "https://www.suse.com/security/cve/CVE-2018-1061"
},
{
"category": "external",
"summary": "SUSE Bug 1088004 for CVE-2018-1061",
"url": "https://bugzilla.suse.com/1088004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2018-1061"
},
{
"cve": "CVE-2018-14647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14647"
}
],
"notes": [
{
"category": "general",
"text": "Python\u0027s elementtree C accelerator failed to initialise Expat\u0027s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat\u0027s internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14647",
"url": "https://www.suse.com/security/cve/CVE-2018-14647"
},
{
"category": "external",
"summary": "SUSE Bug 1109847 for CVE-2018-14647",
"url": "https://bugzilla.suse.com/1109847"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-14647",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2018-14647"
},
{
"cve": "CVE-2018-20406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20406"
}
],
"notes": [
{
"category": "general",
"text": "Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20406",
"url": "https://www.suse.com/security/cve/CVE-2018-20406"
},
{
"category": "external",
"summary": "SUSE Bug 1120644 for CVE-2018-20406",
"url": "https://bugzilla.suse.com/1120644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "low"
}
],
"title": "CVE-2018-20406"
},
{
"cve": "CVE-2018-20852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20852"
}
],
"notes": [
{
"category": "general",
"text": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20852",
"url": "https://www.suse.com/security/cve/CVE-2018-20852"
},
{
"category": "external",
"summary": "SUSE Bug 1141853 for CVE-2018-20852",
"url": "https://bugzilla.suse.com/1141853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2018-20852"
},
{
"cve": "CVE-2019-10160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10160"
}
],
"notes": [
{
"category": "general",
"text": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10160",
"url": "https://www.suse.com/security/cve/CVE-2019-10160"
},
{
"category": "external",
"summary": "SUSE Bug 1138459 for CVE-2019-10160",
"url": "https://bugzilla.suse.com/1138459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "critical"
}
],
"title": "CVE-2019-10160"
},
{
"cve": "CVE-2019-15903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15903"
}
],
"notes": [
{
"category": "general",
"text": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15903",
"url": "https://www.suse.com/security/cve/CVE-2019-15903"
},
{
"category": "external",
"summary": "SUSE Bug 1149429 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1149429"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154738"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "important"
}
],
"title": "CVE-2019-15903"
},
{
"cve": "CVE-2019-16056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16056"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16056",
"url": "https://www.suse.com/security/cve/CVE-2019-16056"
},
{
"category": "external",
"summary": "SUSE Bug 1149955 for CVE-2019-16056",
"url": "https://bugzilla.suse.com/1149955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2019-16056"
},
{
"cve": "CVE-2019-16935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16935"
}
],
"notes": [
{
"category": "general",
"text": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16935",
"url": "https://www.suse.com/security/cve/CVE-2019-16935"
},
{
"category": "external",
"summary": "SUSE Bug 1153238 for CVE-2019-16935",
"url": "https://bugzilla.suse.com/1153238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2019-16935"
},
{
"cve": "CVE-2019-5010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5010"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5010",
"url": "https://www.suse.com/security/cve/CVE-2019-5010"
},
{
"category": "external",
"summary": "SUSE Bug 1122191 for CVE-2019-5010",
"url": "https://bugzilla.suse.com/1122191"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2019-5010",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "important"
}
],
"title": "CVE-2019-5010"
},
{
"cve": "CVE-2019-9636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9636"
}
],
"notes": [
{
"category": "general",
"text": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9636",
"url": "https://www.suse.com/security/cve/CVE-2019-9636"
},
{
"category": "external",
"summary": "SUSE Bug 1129346 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1129346"
},
{
"category": "external",
"summary": "SUSE Bug 1135433 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1135433"
},
{
"category": "external",
"summary": "SUSE Bug 1138459 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1138459"
},
{
"category": "external",
"summary": "SUSE Bug 1145004 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1145004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "important"
}
],
"title": "CVE-2019-9636"
},
{
"cve": "CVE-2019-9947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9947"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9947",
"url": "https://www.suse.com/security/cve/CVE-2019-9947"
},
{
"category": "external",
"summary": "SUSE Bug 1130840 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1130840"
},
{
"category": "external",
"summary": "SUSE Bug 1136184 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1136184"
},
{
"category": "external",
"summary": "SUSE Bug 1155094 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1155094"
},
{
"category": "external",
"summary": "SUSE Bug 1201559 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1201559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2019-9947"
}
]
}
OPENSUSE-SU-2024:11202-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
python-2.7.18-8.1 on GA media
Severity
Moderate
Notes
Title of the patch: python-2.7.18-8.1 on GA media
Description of the patch: These are all security issues fixed in the python-2.7.18-8.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11202
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.3 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.5 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
6.5 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
6.5 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
166 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python-2.7.18-8.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python-2.7.18-8.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11202",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11202-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-2052 page",
"url": "https://www.suse.com/security/cve/CVE-2007-2052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1721 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-2315 page",
"url": "https://www.suse.com/security/cve/CVE-2008-2315/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-2316 page",
"url": "https://www.suse.com/security/cve/CVE-2008-2316/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-3142 page",
"url": "https://www.suse.com/security/cve/CVE-2008-3142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-3143 page",
"url": "https://www.suse.com/security/cve/CVE-2008-3143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-3144 page",
"url": "https://www.suse.com/security/cve/CVE-2008-3144/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-1521 page",
"url": "https://www.suse.com/security/cve/CVE-2011-1521/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-3389 page",
"url": "https://www.suse.com/security/cve/CVE-2011-3389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-4944 page",
"url": "https://www.suse.com/security/cve/CVE-2011-4944/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-0845 page",
"url": "https://www.suse.com/security/cve/CVE-2012-0845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-1150 page",
"url": "https://www.suse.com/security/cve/CVE-2012-1150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-1752 page",
"url": "https://www.suse.com/security/cve/CVE-2013-1752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-1753 page",
"url": "https://www.suse.com/security/cve/CVE-2013-1753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-1912 page",
"url": "https://www.suse.com/security/cve/CVE-2014-1912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4650 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7185 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1000110 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1000110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000158 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-18207 page",
"url": "https://www.suse.com/security/cve/CVE-2017-18207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000030 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000802 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1060 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1061 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14647 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20852 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10160 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16056 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16935 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18348 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5010 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9636 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9674 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9947 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9948 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8492 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23336 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3177 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3733 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3737 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3737/"
}
],
"title": "python-2.7.18-8.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11202-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-2.7.18-8.1.aarch64",
"product": {
"name": "python-2.7.18-8.1.aarch64",
"product_id": "python-2.7.18-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-32bit-2.7.18-8.1.aarch64",
"product": {
"name": "python-32bit-2.7.18-8.1.aarch64",
"product_id": "python-32bit-2.7.18-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-8.1.aarch64",
"product": {
"name": "python-curses-2.7.18-8.1.aarch64",
"product_id": "python-curses-2.7.18-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-8.1.aarch64",
"product": {
"name": "python-demo-2.7.18-8.1.aarch64",
"product_id": "python-demo-2.7.18-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-8.1.aarch64",
"product": {
"name": "python-gdbm-2.7.18-8.1.aarch64",
"product_id": "python-gdbm-2.7.18-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-8.1.aarch64",
"product": {
"name": "python-idle-2.7.18-8.1.aarch64",
"product_id": "python-idle-2.7.18-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-8.1.aarch64",
"product": {
"name": "python-tk-2.7.18-8.1.aarch64",
"product_id": "python-tk-2.7.18-8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-2.7.18-8.1.ppc64le",
"product": {
"name": "python-2.7.18-8.1.ppc64le",
"product_id": "python-2.7.18-8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-32bit-2.7.18-8.1.ppc64le",
"product": {
"name": "python-32bit-2.7.18-8.1.ppc64le",
"product_id": "python-32bit-2.7.18-8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-8.1.ppc64le",
"product": {
"name": "python-curses-2.7.18-8.1.ppc64le",
"product_id": "python-curses-2.7.18-8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-8.1.ppc64le",
"product": {
"name": "python-demo-2.7.18-8.1.ppc64le",
"product_id": "python-demo-2.7.18-8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-8.1.ppc64le",
"product": {
"name": "python-gdbm-2.7.18-8.1.ppc64le",
"product_id": "python-gdbm-2.7.18-8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-8.1.ppc64le",
"product": {
"name": "python-idle-2.7.18-8.1.ppc64le",
"product_id": "python-idle-2.7.18-8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-8.1.ppc64le",
"product": {
"name": "python-tk-2.7.18-8.1.ppc64le",
"product_id": "python-tk-2.7.18-8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-2.7.18-8.1.s390x",
"product": {
"name": "python-2.7.18-8.1.s390x",
"product_id": "python-2.7.18-8.1.s390x"
}
},
{
"category": "product_version",
"name": "python-32bit-2.7.18-8.1.s390x",
"product": {
"name": "python-32bit-2.7.18-8.1.s390x",
"product_id": "python-32bit-2.7.18-8.1.s390x"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-8.1.s390x",
"product": {
"name": "python-curses-2.7.18-8.1.s390x",
"product_id": "python-curses-2.7.18-8.1.s390x"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-8.1.s390x",
"product": {
"name": "python-demo-2.7.18-8.1.s390x",
"product_id": "python-demo-2.7.18-8.1.s390x"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-8.1.s390x",
"product": {
"name": "python-gdbm-2.7.18-8.1.s390x",
"product_id": "python-gdbm-2.7.18-8.1.s390x"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-8.1.s390x",
"product": {
"name": "python-idle-2.7.18-8.1.s390x",
"product_id": "python-idle-2.7.18-8.1.s390x"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-8.1.s390x",
"product": {
"name": "python-tk-2.7.18-8.1.s390x",
"product_id": "python-tk-2.7.18-8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-2.7.18-8.1.x86_64",
"product": {
"name": "python-2.7.18-8.1.x86_64",
"product_id": "python-2.7.18-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-32bit-2.7.18-8.1.x86_64",
"product": {
"name": "python-32bit-2.7.18-8.1.x86_64",
"product_id": "python-32bit-2.7.18-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-8.1.x86_64",
"product": {
"name": "python-curses-2.7.18-8.1.x86_64",
"product_id": "python-curses-2.7.18-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-8.1.x86_64",
"product": {
"name": "python-demo-2.7.18-8.1.x86_64",
"product_id": "python-demo-2.7.18-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-8.1.x86_64",
"product": {
"name": "python-gdbm-2.7.18-8.1.x86_64",
"product_id": "python-gdbm-2.7.18-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-8.1.x86_64",
"product": {
"name": "python-idle-2.7.18-8.1.x86_64",
"product_id": "python-idle-2.7.18-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-8.1.x86_64",
"product": {
"name": "python-tk-2.7.18-8.1.x86_64",
"product_id": "python-tk-2.7.18-8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-2.7.18-8.1.aarch64"
},
"product_reference": "python-2.7.18-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le"
},
"product_reference": "python-2.7.18-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-2.7.18-8.1.s390x"
},
"product_reference": "python-2.7.18-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-2.7.18-8.1.x86_64"
},
"product_reference": "python-2.7.18-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-32bit-2.7.18-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64"
},
"product_reference": "python-32bit-2.7.18-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-32bit-2.7.18-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le"
},
"product_reference": "python-32bit-2.7.18-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-32bit-2.7.18-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x"
},
"product_reference": "python-32bit-2.7.18-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-32bit-2.7.18-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64"
},
"product_reference": "python-32bit-2.7.18-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64"
},
"product_reference": "python-curses-2.7.18-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le"
},
"product_reference": "python-curses-2.7.18-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x"
},
"product_reference": "python-curses-2.7.18-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64"
},
"product_reference": "python-curses-2.7.18-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-demo-2.7.18-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64"
},
"product_reference": "python-demo-2.7.18-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-demo-2.7.18-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le"
},
"product_reference": "python-demo-2.7.18-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-demo-2.7.18-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x"
},
"product_reference": "python-demo-2.7.18-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-demo-2.7.18-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64"
},
"product_reference": "python-demo-2.7.18-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64"
},
"product_reference": "python-gdbm-2.7.18-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le"
},
"product_reference": "python-gdbm-2.7.18-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x"
},
"product_reference": "python-gdbm-2.7.18-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64"
},
"product_reference": "python-gdbm-2.7.18-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idle-2.7.18-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64"
},
"product_reference": "python-idle-2.7.18-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idle-2.7.18-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le"
},
"product_reference": "python-idle-2.7.18-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idle-2.7.18-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x"
},
"product_reference": "python-idle-2.7.18-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idle-2.7.18-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64"
},
"product_reference": "python-idle-2.7.18-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tk-2.7.18-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64"
},
"product_reference": "python-tk-2.7.18-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tk-2.7.18-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le"
},
"product_reference": "python-tk-2.7.18-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tk-2.7.18-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x"
},
"product_reference": "python-tk-2.7.18-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tk-2.7.18-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
},
"product_reference": "python-tk-2.7.18-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-2052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-2052"
}
],
"notes": [
{
"category": "general",
"text": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-2052",
"url": "https://www.suse.com/security/cve/CVE-2007-2052"
},
{
"category": "external",
"summary": "SUSE Bug 276889 for CVE-2007-2052",
"url": "https://bugzilla.suse.com/276889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-2052"
},
{
"cve": "CVE-2008-1721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1721"
}
],
"notes": [
{
"category": "general",
"text": "Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1721",
"url": "https://www.suse.com/security/cve/CVE-2008-1721"
},
{
"category": "external",
"summary": "SUSE Bug 379044 for CVE-2008-1721",
"url": "https://bugzilla.suse.com/379044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2008-1721"
},
{
"cve": "CVE-2008-2315",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-2315"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-2315",
"url": "https://www.suse.com/security/cve/CVE-2008-2315"
},
{
"category": "external",
"summary": "SUSE Bug 406051 for CVE-2008-2315",
"url": "https://bugzilla.suse.com/406051"
},
{
"category": "external",
"summary": "SUSE Bug 443653 for CVE-2008-2315",
"url": "https://bugzilla.suse.com/443653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2008-2315"
},
{
"cve": "CVE-2008-2316",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-2316"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to \"partial hashlib hashing of data exceeding 4GB.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-2316",
"url": "https://www.suse.com/security/cve/CVE-2008-2316"
},
{
"category": "external",
"summary": "SUSE Bug 406051 for CVE-2008-2316",
"url": "https://bugzilla.suse.com/406051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2008-2316"
},
{
"cve": "CVE-2008-3142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-3142"
}
],
"notes": [
{
"category": "general",
"text": "Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-3142",
"url": "https://www.suse.com/security/cve/CVE-2008-3142"
},
{
"category": "external",
"summary": "SUSE Bug 406051 for CVE-2008-3142",
"url": "https://bugzilla.suse.com/406051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2008-3142"
},
{
"cve": "CVE-2008-3143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-3143"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by \"checks for integer overflows, contributed by Google.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-3143",
"url": "https://www.suse.com/security/cve/CVE-2008-3143"
},
{
"category": "external",
"summary": "SUSE Bug 406051 for CVE-2008-3143",
"url": "https://bugzilla.suse.com/406051"
},
{
"category": "external",
"summary": "SUSE Bug 444989 for CVE-2008-3143",
"url": "https://bugzilla.suse.com/444989"
},
{
"category": "external",
"summary": "SUSE Bug 609759 for CVE-2008-3143",
"url": "https://bugzilla.suse.com/609759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2008-3143"
},
{
"cve": "CVE-2008-3144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-3144"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-3144",
"url": "https://www.suse.com/security/cve/CVE-2008-3144"
},
{
"category": "external",
"summary": "SUSE Bug 406051 for CVE-2008-3144",
"url": "https://bugzilla.suse.com/406051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-3144"
},
{
"cve": "CVE-2011-1521",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-1521"
}
],
"notes": [
{
"category": "general",
"text": "The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-1521",
"url": "https://www.suse.com/security/cve/CVE-2011-1521"
},
{
"category": "external",
"summary": "SUSE Bug 682554 for CVE-2011-1521",
"url": "https://bugzilla.suse.com/682554"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-1521"
},
{
"cve": "CVE-2011-3389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-3389"
}
],
"notes": [
{
"category": "general",
"text": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-3389",
"url": "https://www.suse.com/security/cve/CVE-2011-3389"
},
{
"category": "external",
"summary": "SUSE Bug 716002 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/716002"
},
{
"category": "external",
"summary": "SUSE Bug 719047 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/719047"
},
{
"category": "external",
"summary": "SUSE Bug 725167 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/725167"
},
{
"category": "external",
"summary": "SUSE Bug 726096 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/726096"
},
{
"category": "external",
"summary": "SUSE Bug 739248 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/739248"
},
{
"category": "external",
"summary": "SUSE Bug 739256 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/739256"
},
{
"category": "external",
"summary": "SUSE Bug 742306 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/742306"
},
{
"category": "external",
"summary": "SUSE Bug 751718 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/751718"
},
{
"category": "external",
"summary": "SUSE Bug 759666 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/759666"
},
{
"category": "external",
"summary": "SUSE Bug 763598 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/763598"
},
{
"category": "external",
"summary": "SUSE Bug 814655 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/814655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-3389"
},
{
"cve": "CVE-2011-4944",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-4944"
}
],
"notes": [
{
"category": "general",
"text": "Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-4944",
"url": "https://www.suse.com/security/cve/CVE-2011-4944"
},
{
"category": "external",
"summary": "SUSE Bug 754447 for CVE-2011-4944",
"url": "https://bugzilla.suse.com/754447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2011-4944"
},
{
"cve": "CVE-2012-0845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-0845"
}
],
"notes": [
{
"category": "general",
"text": "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-0845",
"url": "https://www.suse.com/security/cve/CVE-2012-0845"
},
{
"category": "external",
"summary": "SUSE Bug 747125 for CVE-2012-0845",
"url": "https://bugzilla.suse.com/747125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-0845"
},
{
"cve": "CVE-2012-1150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-1150"
}
],
"notes": [
{
"category": "general",
"text": "Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-1150",
"url": "https://www.suse.com/security/cve/CVE-2012-1150"
},
{
"category": "external",
"summary": "SUSE Bug 751718 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/751718"
},
{
"category": "external",
"summary": "SUSE Bug 755383 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/755383"
},
{
"category": "external",
"summary": "SUSE Bug 826682 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/826682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-1150"
},
{
"cve": "CVE-2013-1752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-1752"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 \"Independently Fixable\" in the CVE Counting Decisions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-1752",
"url": "https://www.suse.com/security/cve/CVE-2013-1752"
},
{
"category": "external",
"summary": "SUSE Bug 856835 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/856835"
},
{
"category": "external",
"summary": "SUSE Bug 856836 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/856836"
},
{
"category": "external",
"summary": "SUSE Bug 863741 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/863741"
},
{
"category": "external",
"summary": "SUSE Bug 885882 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/885882"
},
{
"category": "external",
"summary": "SUSE Bug 898572 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/898572"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-1752"
},
{
"cve": "CVE-2013-1753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-1753"
}
],
"notes": [
{
"category": "general",
"text": "The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-1753",
"url": "https://www.suse.com/security/cve/CVE-2013-1753"
},
{
"category": "external",
"summary": "SUSE Bug 856835 for CVE-2013-1753",
"url": "https://bugzilla.suse.com/856835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-1753"
},
{
"cve": "CVE-2014-1912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-1912"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-1912",
"url": "https://www.suse.com/security/cve/CVE-2014-1912"
},
{
"category": "external",
"summary": "SUSE Bug 1049392 for CVE-2014-1912",
"url": "https://bugzilla.suse.com/1049392"
},
{
"category": "external",
"summary": "SUSE Bug 1049422 for CVE-2014-1912",
"url": "https://bugzilla.suse.com/1049422"
},
{
"category": "external",
"summary": "SUSE Bug 863741 for CVE-2014-1912",
"url": "https://bugzilla.suse.com/863741"
},
{
"category": "external",
"summary": "SUSE Bug 882915 for CVE-2014-1912",
"url": "https://bugzilla.suse.com/882915"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2014-1912",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2014-1912"
},
{
"cve": "CVE-2014-4650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4650"
}
],
"notes": [
{
"category": "general",
"text": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4650",
"url": "https://www.suse.com/security/cve/CVE-2014-4650"
},
{
"category": "external",
"summary": "SUSE Bug 856835 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/856835"
},
{
"category": "external",
"summary": "SUSE Bug 856836 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/856836"
},
{
"category": "external",
"summary": "SUSE Bug 863741 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/863741"
},
{
"category": "external",
"summary": "SUSE Bug 885882 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/885882"
},
{
"category": "external",
"summary": "SUSE Bug 898572 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/898572"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-4650"
},
{
"cve": "CVE-2014-7185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7185"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a \"buffer\" function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7185",
"url": "https://www.suse.com/security/cve/CVE-2014-7185"
},
{
"category": "external",
"summary": "SUSE Bug 898572 for CVE-2014-7185",
"url": "https://bugzilla.suse.com/898572"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2014-7185",
"url": "https://bugzilla.suse.com/912739"
},
{
"category": "external",
"summary": "SUSE Bug 913479 for CVE-2014-7185",
"url": "https://bugzilla.suse.com/913479"
},
{
"category": "external",
"summary": "SUSE Bug 955182 for CVE-2014-7185",
"url": "https://bugzilla.suse.com/955182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-7185"
},
{
"cve": "CVE-2016-1000110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1000110"
}
],
"notes": [
{
"category": "general",
"text": "The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1000110",
"url": "https://www.suse.com/security/cve/CVE-2016-1000110"
},
{
"category": "external",
"summary": "SUSE Bug 988484 for CVE-2016-1000110",
"url": "https://bugzilla.suse.com/988484"
},
{
"category": "external",
"summary": "SUSE Bug 989523 for CVE-2016-1000110",
"url": "https://bugzilla.suse.com/989523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-1000110"
},
{
"cve": "CVE-2017-1000158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000158"
}
],
"notes": [
{
"category": "general",
"text": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000158",
"url": "https://www.suse.com/security/cve/CVE-2017-1000158"
},
{
"category": "external",
"summary": "SUSE Bug 1068664 for CVE-2017-1000158",
"url": "https://bugzilla.suse.com/1068664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-1000158"
},
{
"cve": "CVE-2017-18207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-18207"
}
],
"notes": [
{
"category": "general",
"text": "** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-18207",
"url": "https://www.suse.com/security/cve/CVE-2017-18207"
},
{
"category": "external",
"summary": "SUSE Bug 1083507 for CVE-2017-18207",
"url": "https://bugzilla.suse.com/1083507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-18207"
},
{
"cve": "CVE-2018-1000030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000030"
}
],
"notes": [
{
"category": "general",
"text": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree\u0027s-\u003eThread2-Re-uses-Free\u0027d Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000030",
"url": "https://www.suse.com/security/cve/CVE-2018-1000030"
},
{
"category": "external",
"summary": "SUSE Bug 1079300 for CVE-2018-1000030",
"url": "https://bugzilla.suse.com/1079300"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-1000030"
},
{
"cve": "CVE-2018-1000802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000802"
}
],
"notes": [
{
"category": "general",
"text": "Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000802",
"url": "https://www.suse.com/security/cve/CVE-2018-1000802"
},
{
"category": "external",
"summary": "SUSE Bug 1109663 for CVE-2018-1000802",
"url": "https://bugzilla.suse.com/1109663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000802"
},
{
"cve": "CVE-2018-1060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1060"
}
],
"notes": [
{
"category": "general",
"text": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib\u0027s apop() method. An attacker could use this flaw to cause denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1060",
"url": "https://www.suse.com/security/cve/CVE-2018-1060"
},
{
"category": "external",
"summary": "SUSE Bug 1088009 for CVE-2018-1060",
"url": "https://bugzilla.suse.com/1088009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-1060"
},
{
"cve": "CVE-2018-1061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1061"
}
],
"notes": [
{
"category": "general",
"text": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1061",
"url": "https://www.suse.com/security/cve/CVE-2018-1061"
},
{
"category": "external",
"summary": "SUSE Bug 1088004 for CVE-2018-1061",
"url": "https://bugzilla.suse.com/1088004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1061"
},
{
"cve": "CVE-2018-14647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14647"
}
],
"notes": [
{
"category": "general",
"text": "Python\u0027s elementtree C accelerator failed to initialise Expat\u0027s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat\u0027s internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14647",
"url": "https://www.suse.com/security/cve/CVE-2018-14647"
},
{
"category": "external",
"summary": "SUSE Bug 1109847 for CVE-2018-14647",
"url": "https://bugzilla.suse.com/1109847"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-14647",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14647"
},
{
"cve": "CVE-2018-20852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20852"
}
],
"notes": [
{
"category": "general",
"text": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20852",
"url": "https://www.suse.com/security/cve/CVE-2018-20852"
},
{
"category": "external",
"summary": "SUSE Bug 1141853 for CVE-2018-20852",
"url": "https://bugzilla.suse.com/1141853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20852"
},
{
"cve": "CVE-2019-10160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10160"
}
],
"notes": [
{
"category": "general",
"text": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10160",
"url": "https://www.suse.com/security/cve/CVE-2019-10160"
},
{
"category": "external",
"summary": "SUSE Bug 1138459 for CVE-2019-10160",
"url": "https://bugzilla.suse.com/1138459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-10160"
},
{
"cve": "CVE-2019-16056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16056"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16056",
"url": "https://www.suse.com/security/cve/CVE-2019-16056"
},
{
"category": "external",
"summary": "SUSE Bug 1149955 for CVE-2019-16056",
"url": "https://bugzilla.suse.com/1149955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16056"
},
{
"cve": "CVE-2019-16935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16935"
}
],
"notes": [
{
"category": "general",
"text": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16935",
"url": "https://www.suse.com/security/cve/CVE-2019-16935"
},
{
"category": "external",
"summary": "SUSE Bug 1153238 for CVE-2019-16935",
"url": "https://bugzilla.suse.com/1153238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16935"
},
{
"cve": "CVE-2019-18348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18348"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18348",
"url": "https://www.suse.com/security/cve/CVE-2019-18348"
},
{
"category": "external",
"summary": "SUSE Bug 1155094 for CVE-2019-18348",
"url": "https://bugzilla.suse.com/1155094"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-18348"
},
{
"cve": "CVE-2019-5010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5010"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5010",
"url": "https://www.suse.com/security/cve/CVE-2019-5010"
},
{
"category": "external",
"summary": "SUSE Bug 1122191 for CVE-2019-5010",
"url": "https://bugzilla.suse.com/1122191"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2019-5010",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-5010"
},
{
"cve": "CVE-2019-9636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9636"
}
],
"notes": [
{
"category": "general",
"text": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9636",
"url": "https://www.suse.com/security/cve/CVE-2019-9636"
},
{
"category": "external",
"summary": "SUSE Bug 1129346 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1129346"
},
{
"category": "external",
"summary": "SUSE Bug 1135433 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1135433"
},
{
"category": "external",
"summary": "SUSE Bug 1138459 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1138459"
},
{
"category": "external",
"summary": "SUSE Bug 1145004 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1145004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9636"
},
{
"cve": "CVE-2019-9674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9674"
}
],
"notes": [
{
"category": "general",
"text": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9674",
"url": "https://www.suse.com/security/cve/CVE-2019-9674"
},
{
"category": "external",
"summary": "SUSE Bug 1162825 for CVE-2019-9674",
"url": "https://bugzilla.suse.com/1162825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-9674"
},
{
"cve": "CVE-2019-9947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9947"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9947",
"url": "https://www.suse.com/security/cve/CVE-2019-9947"
},
{
"category": "external",
"summary": "SUSE Bug 1130840 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1130840"
},
{
"category": "external",
"summary": "SUSE Bug 1136184 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1136184"
},
{
"category": "external",
"summary": "SUSE Bug 1155094 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1155094"
},
{
"category": "external",
"summary": "SUSE Bug 1201559 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1201559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-9947"
},
{
"cve": "CVE-2019-9948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9948"
}
],
"notes": [
{
"category": "general",
"text": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(\u0027local_file:///etc/passwd\u0027) call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9948",
"url": "https://www.suse.com/security/cve/CVE-2019-9948"
},
{
"category": "external",
"summary": "SUSE Bug 1130847 for CVE-2019-9948",
"url": "https://bugzilla.suse.com/1130847"
},
{
"category": "external",
"summary": "SUSE Bug 1135433 for CVE-2019-9948",
"url": "https://bugzilla.suse.com/1135433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-9948"
},
{
"cve": "CVE-2020-8492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8492"
}
],
"notes": [
{
"category": "general",
"text": "Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8492",
"url": "https://www.suse.com/security/cve/CVE-2020-8492"
},
{
"category": "external",
"summary": "SUSE Bug 1162367 for CVE-2020-8492",
"url": "https://bugzilla.suse.com/1162367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8492"
},
{
"cve": "CVE-2021-23336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23336"
}
],
"notes": [
{
"category": "general",
"text": "The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23336",
"url": "https://www.suse.com/security/cve/CVE-2021-23336"
},
{
"category": "external",
"summary": "SUSE Bug 1182179 for CVE-2021-23336",
"url": "https://bugzilla.suse.com/1182179"
},
{
"category": "external",
"summary": "SUSE Bug 1182379 for CVE-2021-23336",
"url": "https://bugzilla.suse.com/1182379"
},
{
"category": "external",
"summary": "SUSE Bug 1182433 for CVE-2021-23336",
"url": "https://bugzilla.suse.com/1182433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23336"
},
{
"cve": "CVE-2021-3177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3177"
}
],
"notes": [
{
"category": "general",
"text": "Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3177",
"url": "https://www.suse.com/security/cve/CVE-2021-3177"
},
{
"category": "external",
"summary": "SUSE Bug 1181126 for CVE-2021-3177",
"url": "https://bugzilla.suse.com/1181126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3177"
},
{
"cve": "CVE-2021-3733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3733"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a flaw in urllib\u0027s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3733",
"url": "https://www.suse.com/security/cve/CVE-2021-3733"
},
{
"category": "external",
"summary": "SUSE Bug 1189287 for CVE-2021-3733",
"url": "https://bugzilla.suse.com/1189287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-3733"
},
{
"cve": "CVE-2021-3737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3737"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3737",
"url": "https://www.suse.com/security/cve/CVE-2021-3737"
},
{
"category": "external",
"summary": "SUSE Bug 1189241 for CVE-2021-3737",
"url": "https://bugzilla.suse.com/1189241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-32bit-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-curses-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-demo-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-gdbm-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-idle-2.7.18-8.1.x86_64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.aarch64",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.ppc64le",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.s390x",
"openSUSE Tumbleweed:python-tk-2.7.18-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3737"
}
]
}
OPENSUSE-SU-2024:11284-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
python36-3.6.15-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: python36-3.6.15-1.1 on GA media
Description of the patch: These are all security issues fixed in the python36-3.6.15-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11284
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.3 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.3 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
6.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
167 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python36-3.6.15-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python36-3.6.15-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11284",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11284-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-3389 page",
"url": "https://www.suse.com/security/cve/CVE-2011-3389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-4944 page",
"url": "https://www.suse.com/security/cve/CVE-2011-4944/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-0845 page",
"url": "https://www.suse.com/security/cve/CVE-2012-0845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-1150 page",
"url": "https://www.suse.com/security/cve/CVE-2012-1150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-1752 page",
"url": "https://www.suse.com/security/cve/CVE-2013-1752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-4238 page",
"url": "https://www.suse.com/security/cve/CVE-2013-4238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-2667 page",
"url": "https://www.suse.com/security/cve/CVE-2014-2667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4650 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0772 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1000110 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1000110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5636 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5699 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-18207 page",
"url": "https://www.suse.com/security/cve/CVE-2017-18207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000802 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1060 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1061 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14647 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20406 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20852 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10160 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15903 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16056 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16935 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18348 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20907 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20916 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5010 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9636 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9674 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9947 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14422 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14422/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26116 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27619 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8492 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23336 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3177 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3426 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3733 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3737 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3737/"
}
],
"title": "python36-3.6.15-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11284-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python36-3.6.15-1.1.aarch64",
"product": {
"name": "python36-3.6.15-1.1.aarch64",
"product_id": "python36-3.6.15-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python36-32bit-3.6.15-1.1.aarch64",
"product": {
"name": "python36-32bit-3.6.15-1.1.aarch64",
"product_id": "python36-32bit-3.6.15-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python36-curses-3.6.15-1.1.aarch64",
"product": {
"name": "python36-curses-3.6.15-1.1.aarch64",
"product_id": "python36-curses-3.6.15-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python36-dbm-3.6.15-1.1.aarch64",
"product": {
"name": "python36-dbm-3.6.15-1.1.aarch64",
"product_id": "python36-dbm-3.6.15-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python36-idle-3.6.15-1.1.aarch64",
"product": {
"name": "python36-idle-3.6.15-1.1.aarch64",
"product_id": "python36-idle-3.6.15-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python36-tk-3.6.15-1.1.aarch64",
"product": {
"name": "python36-tk-3.6.15-1.1.aarch64",
"product_id": "python36-tk-3.6.15-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-3.6.15-1.1.ppc64le",
"product": {
"name": "python36-3.6.15-1.1.ppc64le",
"product_id": "python36-3.6.15-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-32bit-3.6.15-1.1.ppc64le",
"product": {
"name": "python36-32bit-3.6.15-1.1.ppc64le",
"product_id": "python36-32bit-3.6.15-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-curses-3.6.15-1.1.ppc64le",
"product": {
"name": "python36-curses-3.6.15-1.1.ppc64le",
"product_id": "python36-curses-3.6.15-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-dbm-3.6.15-1.1.ppc64le",
"product": {
"name": "python36-dbm-3.6.15-1.1.ppc64le",
"product_id": "python36-dbm-3.6.15-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-idle-3.6.15-1.1.ppc64le",
"product": {
"name": "python36-idle-3.6.15-1.1.ppc64le",
"product_id": "python36-idle-3.6.15-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-tk-3.6.15-1.1.ppc64le",
"product": {
"name": "python36-tk-3.6.15-1.1.ppc64le",
"product_id": "python36-tk-3.6.15-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-3.6.15-1.1.s390x",
"product": {
"name": "python36-3.6.15-1.1.s390x",
"product_id": "python36-3.6.15-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python36-32bit-3.6.15-1.1.s390x",
"product": {
"name": "python36-32bit-3.6.15-1.1.s390x",
"product_id": "python36-32bit-3.6.15-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python36-curses-3.6.15-1.1.s390x",
"product": {
"name": "python36-curses-3.6.15-1.1.s390x",
"product_id": "python36-curses-3.6.15-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python36-dbm-3.6.15-1.1.s390x",
"product": {
"name": "python36-dbm-3.6.15-1.1.s390x",
"product_id": "python36-dbm-3.6.15-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python36-idle-3.6.15-1.1.s390x",
"product": {
"name": "python36-idle-3.6.15-1.1.s390x",
"product_id": "python36-idle-3.6.15-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python36-tk-3.6.15-1.1.s390x",
"product": {
"name": "python36-tk-3.6.15-1.1.s390x",
"product_id": "python36-tk-3.6.15-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-3.6.15-1.1.x86_64",
"product": {
"name": "python36-3.6.15-1.1.x86_64",
"product_id": "python36-3.6.15-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python36-32bit-3.6.15-1.1.x86_64",
"product": {
"name": "python36-32bit-3.6.15-1.1.x86_64",
"product_id": "python36-32bit-3.6.15-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python36-curses-3.6.15-1.1.x86_64",
"product": {
"name": "python36-curses-3.6.15-1.1.x86_64",
"product_id": "python36-curses-3.6.15-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python36-dbm-3.6.15-1.1.x86_64",
"product": {
"name": "python36-dbm-3.6.15-1.1.x86_64",
"product_id": "python36-dbm-3.6.15-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python36-idle-3.6.15-1.1.x86_64",
"product": {
"name": "python36-idle-3.6.15-1.1.x86_64",
"product_id": "python36-idle-3.6.15-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python36-tk-3.6.15-1.1.x86_64",
"product": {
"name": "python36-tk-3.6.15-1.1.x86_64",
"product_id": "python36-tk-3.6.15-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-3.6.15-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64"
},
"product_reference": "python36-3.6.15-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-3.6.15-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le"
},
"product_reference": "python36-3.6.15-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-3.6.15-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-3.6.15-1.1.s390x"
},
"product_reference": "python36-3.6.15-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-3.6.15-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64"
},
"product_reference": "python36-3.6.15-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-32bit-3.6.15-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64"
},
"product_reference": "python36-32bit-3.6.15-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-32bit-3.6.15-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le"
},
"product_reference": "python36-32bit-3.6.15-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-32bit-3.6.15-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x"
},
"product_reference": "python36-32bit-3.6.15-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-32bit-3.6.15-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64"
},
"product_reference": "python36-32bit-3.6.15-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-curses-3.6.15-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64"
},
"product_reference": "python36-curses-3.6.15-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-curses-3.6.15-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le"
},
"product_reference": "python36-curses-3.6.15-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-curses-3.6.15-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x"
},
"product_reference": "python36-curses-3.6.15-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-curses-3.6.15-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64"
},
"product_reference": "python36-curses-3.6.15-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-dbm-3.6.15-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64"
},
"product_reference": "python36-dbm-3.6.15-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-dbm-3.6.15-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le"
},
"product_reference": "python36-dbm-3.6.15-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-dbm-3.6.15-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x"
},
"product_reference": "python36-dbm-3.6.15-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-dbm-3.6.15-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64"
},
"product_reference": "python36-dbm-3.6.15-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-idle-3.6.15-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64"
},
"product_reference": "python36-idle-3.6.15-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-idle-3.6.15-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le"
},
"product_reference": "python36-idle-3.6.15-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-idle-3.6.15-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x"
},
"product_reference": "python36-idle-3.6.15-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-idle-3.6.15-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64"
},
"product_reference": "python36-idle-3.6.15-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-tk-3.6.15-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64"
},
"product_reference": "python36-tk-3.6.15-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-tk-3.6.15-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le"
},
"product_reference": "python36-tk-3.6.15-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-tk-3.6.15-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x"
},
"product_reference": "python36-tk-3.6.15-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-tk-3.6.15-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
},
"product_reference": "python36-tk-3.6.15-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-3389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-3389"
}
],
"notes": [
{
"category": "general",
"text": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-3389",
"url": "https://www.suse.com/security/cve/CVE-2011-3389"
},
{
"category": "external",
"summary": "SUSE Bug 716002 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/716002"
},
{
"category": "external",
"summary": "SUSE Bug 719047 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/719047"
},
{
"category": "external",
"summary": "SUSE Bug 725167 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/725167"
},
{
"category": "external",
"summary": "SUSE Bug 726096 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/726096"
},
{
"category": "external",
"summary": "SUSE Bug 739248 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/739248"
},
{
"category": "external",
"summary": "SUSE Bug 739256 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/739256"
},
{
"category": "external",
"summary": "SUSE Bug 742306 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/742306"
},
{
"category": "external",
"summary": "SUSE Bug 751718 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/751718"
},
{
"category": "external",
"summary": "SUSE Bug 759666 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/759666"
},
{
"category": "external",
"summary": "SUSE Bug 763598 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/763598"
},
{
"category": "external",
"summary": "SUSE Bug 814655 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/814655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-3389"
},
{
"cve": "CVE-2011-4944",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-4944"
}
],
"notes": [
{
"category": "general",
"text": "Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-4944",
"url": "https://www.suse.com/security/cve/CVE-2011-4944"
},
{
"category": "external",
"summary": "SUSE Bug 754447 for CVE-2011-4944",
"url": "https://bugzilla.suse.com/754447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2011-4944"
},
{
"cve": "CVE-2012-0845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-0845"
}
],
"notes": [
{
"category": "general",
"text": "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-0845",
"url": "https://www.suse.com/security/cve/CVE-2012-0845"
},
{
"category": "external",
"summary": "SUSE Bug 747125 for CVE-2012-0845",
"url": "https://bugzilla.suse.com/747125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-0845"
},
{
"cve": "CVE-2012-1150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-1150"
}
],
"notes": [
{
"category": "general",
"text": "Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-1150",
"url": "https://www.suse.com/security/cve/CVE-2012-1150"
},
{
"category": "external",
"summary": "SUSE Bug 751718 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/751718"
},
{
"category": "external",
"summary": "SUSE Bug 755383 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/755383"
},
{
"category": "external",
"summary": "SUSE Bug 826682 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/826682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-1150"
},
{
"cve": "CVE-2013-1752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-1752"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 \"Independently Fixable\" in the CVE Counting Decisions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-1752",
"url": "https://www.suse.com/security/cve/CVE-2013-1752"
},
{
"category": "external",
"summary": "SUSE Bug 856835 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/856835"
},
{
"category": "external",
"summary": "SUSE Bug 856836 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/856836"
},
{
"category": "external",
"summary": "SUSE Bug 863741 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/863741"
},
{
"category": "external",
"summary": "SUSE Bug 885882 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/885882"
},
{
"category": "external",
"summary": "SUSE Bug 898572 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/898572"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-1752"
},
{
"cve": "CVE-2013-4238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-4238"
}
],
"notes": [
{
"category": "general",
"text": "The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-4238",
"url": "https://www.suse.com/security/cve/CVE-2013-4238"
},
{
"category": "external",
"summary": "SUSE Bug 834601 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/834601"
},
{
"category": "external",
"summary": "SUSE Bug 839107 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/839107"
},
{
"category": "external",
"summary": "SUSE Bug 882915 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/882915"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-4238"
},
{
"cve": "CVE-2014-2667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-2667"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-2667",
"url": "https://www.suse.com/security/cve/CVE-2014-2667"
},
{
"category": "external",
"summary": "SUSE Bug 871152 for CVE-2014-2667",
"url": "https://bugzilla.suse.com/871152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-2667"
},
{
"cve": "CVE-2014-4650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4650"
}
],
"notes": [
{
"category": "general",
"text": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4650",
"url": "https://www.suse.com/security/cve/CVE-2014-4650"
},
{
"category": "external",
"summary": "SUSE Bug 856835 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/856835"
},
{
"category": "external",
"summary": "SUSE Bug 856836 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/856836"
},
{
"category": "external",
"summary": "SUSE Bug 863741 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/863741"
},
{
"category": "external",
"summary": "SUSE Bug 885882 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/885882"
},
{
"category": "external",
"summary": "SUSE Bug 898572 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/898572"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-4650"
},
{
"cve": "CVE-2016-0772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0772"
}
],
"notes": [
{
"category": "general",
"text": "The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a \"StartTLS stripping attack.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0772",
"url": "https://www.suse.com/security/cve/CVE-2016-0772"
},
{
"category": "external",
"summary": "SUSE Bug 984751 for CVE-2016-0772",
"url": "https://bugzilla.suse.com/984751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-0772"
},
{
"cve": "CVE-2016-1000110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1000110"
}
],
"notes": [
{
"category": "general",
"text": "The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1000110",
"url": "https://www.suse.com/security/cve/CVE-2016-1000110"
},
{
"category": "external",
"summary": "SUSE Bug 988484 for CVE-2016-1000110",
"url": "https://bugzilla.suse.com/988484"
},
{
"category": "external",
"summary": "SUSE Bug 989523 for CVE-2016-1000110",
"url": "https://bugzilla.suse.com/989523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-1000110"
},
{
"cve": "CVE-2016-5636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5636"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5636",
"url": "https://www.suse.com/security/cve/CVE-2016-5636"
},
{
"category": "external",
"summary": "SUSE Bug 1065451 for CVE-2016-5636",
"url": "https://bugzilla.suse.com/1065451"
},
{
"category": "external",
"summary": "SUSE Bug 1106262 for CVE-2016-5636",
"url": "https://bugzilla.suse.com/1106262"
},
{
"category": "external",
"summary": "SUSE Bug 985177 for CVE-2016-5636",
"url": "https://bugzilla.suse.com/985177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-5636"
},
{
"cve": "CVE-2016-5699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5699"
}
],
"notes": [
{
"category": "general",
"text": "CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5699",
"url": "https://www.suse.com/security/cve/CVE-2016-5699"
},
{
"category": "external",
"summary": "SUSE Bug 1122729 for CVE-2016-5699",
"url": "https://bugzilla.suse.com/1122729"
},
{
"category": "external",
"summary": "SUSE Bug 1130840 for CVE-2016-5699",
"url": "https://bugzilla.suse.com/1130840"
},
{
"category": "external",
"summary": "SUSE Bug 985348 for CVE-2016-5699",
"url": "https://bugzilla.suse.com/985348"
},
{
"category": "external",
"summary": "SUSE Bug 985351 for CVE-2016-5699",
"url": "https://bugzilla.suse.com/985351"
},
{
"category": "external",
"summary": "SUSE Bug 986630 for CVE-2016-5699",
"url": "https://bugzilla.suse.com/986630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-5699"
},
{
"cve": "CVE-2017-18207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-18207"
}
],
"notes": [
{
"category": "general",
"text": "** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-18207",
"url": "https://www.suse.com/security/cve/CVE-2017-18207"
},
{
"category": "external",
"summary": "SUSE Bug 1083507 for CVE-2017-18207",
"url": "https://bugzilla.suse.com/1083507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-18207"
},
{
"cve": "CVE-2018-1000802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000802"
}
],
"notes": [
{
"category": "general",
"text": "Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000802",
"url": "https://www.suse.com/security/cve/CVE-2018-1000802"
},
{
"category": "external",
"summary": "SUSE Bug 1109663 for CVE-2018-1000802",
"url": "https://bugzilla.suse.com/1109663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000802"
},
{
"cve": "CVE-2018-1060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1060"
}
],
"notes": [
{
"category": "general",
"text": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib\u0027s apop() method. An attacker could use this flaw to cause denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1060",
"url": "https://www.suse.com/security/cve/CVE-2018-1060"
},
{
"category": "external",
"summary": "SUSE Bug 1088009 for CVE-2018-1060",
"url": "https://bugzilla.suse.com/1088009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-1060"
},
{
"cve": "CVE-2018-1061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1061"
}
],
"notes": [
{
"category": "general",
"text": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1061",
"url": "https://www.suse.com/security/cve/CVE-2018-1061"
},
{
"category": "external",
"summary": "SUSE Bug 1088004 for CVE-2018-1061",
"url": "https://bugzilla.suse.com/1088004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1061"
},
{
"cve": "CVE-2018-14647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14647"
}
],
"notes": [
{
"category": "general",
"text": "Python\u0027s elementtree C accelerator failed to initialise Expat\u0027s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat\u0027s internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14647",
"url": "https://www.suse.com/security/cve/CVE-2018-14647"
},
{
"category": "external",
"summary": "SUSE Bug 1109847 for CVE-2018-14647",
"url": "https://bugzilla.suse.com/1109847"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-14647",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14647"
},
{
"cve": "CVE-2018-20406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20406"
}
],
"notes": [
{
"category": "general",
"text": "Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20406",
"url": "https://www.suse.com/security/cve/CVE-2018-20406"
},
{
"category": "external",
"summary": "SUSE Bug 1120644 for CVE-2018-20406",
"url": "https://bugzilla.suse.com/1120644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-20406"
},
{
"cve": "CVE-2018-20852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20852"
}
],
"notes": [
{
"category": "general",
"text": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20852",
"url": "https://www.suse.com/security/cve/CVE-2018-20852"
},
{
"category": "external",
"summary": "SUSE Bug 1141853 for CVE-2018-20852",
"url": "https://bugzilla.suse.com/1141853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20852"
},
{
"cve": "CVE-2019-10160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10160"
}
],
"notes": [
{
"category": "general",
"text": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10160",
"url": "https://www.suse.com/security/cve/CVE-2019-10160"
},
{
"category": "external",
"summary": "SUSE Bug 1138459 for CVE-2019-10160",
"url": "https://bugzilla.suse.com/1138459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-10160"
},
{
"cve": "CVE-2019-15903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15903"
}
],
"notes": [
{
"category": "general",
"text": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15903",
"url": "https://www.suse.com/security/cve/CVE-2019-15903"
},
{
"category": "external",
"summary": "SUSE Bug 1149429 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1149429"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154738"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-15903"
},
{
"cve": "CVE-2019-16056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16056"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16056",
"url": "https://www.suse.com/security/cve/CVE-2019-16056"
},
{
"category": "external",
"summary": "SUSE Bug 1149955 for CVE-2019-16056",
"url": "https://bugzilla.suse.com/1149955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16056"
},
{
"cve": "CVE-2019-16935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16935"
}
],
"notes": [
{
"category": "general",
"text": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16935",
"url": "https://www.suse.com/security/cve/CVE-2019-16935"
},
{
"category": "external",
"summary": "SUSE Bug 1153238 for CVE-2019-16935",
"url": "https://bugzilla.suse.com/1153238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16935"
},
{
"cve": "CVE-2019-18348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18348"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18348",
"url": "https://www.suse.com/security/cve/CVE-2019-18348"
},
{
"category": "external",
"summary": "SUSE Bug 1155094 for CVE-2019-18348",
"url": "https://bugzilla.suse.com/1155094"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-18348"
},
{
"cve": "CVE-2019-20907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20907"
}
],
"notes": [
{
"category": "general",
"text": "In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20907",
"url": "https://www.suse.com/security/cve/CVE-2019-20907"
},
{
"category": "external",
"summary": "SUSE Bug 1174091 for CVE-2019-20907",
"url": "https://bugzilla.suse.com/1174091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-20907"
},
{
"cve": "CVE-2019-20916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20916"
}
],
"notes": [
{
"category": "general",
"text": "The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20916",
"url": "https://www.suse.com/security/cve/CVE-2019-20916"
},
{
"category": "external",
"summary": "SUSE Bug 1176262 for CVE-2019-20916",
"url": "https://bugzilla.suse.com/1176262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-20916"
},
{
"cve": "CVE-2019-5010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5010"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5010",
"url": "https://www.suse.com/security/cve/CVE-2019-5010"
},
{
"category": "external",
"summary": "SUSE Bug 1122191 for CVE-2019-5010",
"url": "https://bugzilla.suse.com/1122191"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2019-5010",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-5010"
},
{
"cve": "CVE-2019-9636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9636"
}
],
"notes": [
{
"category": "general",
"text": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9636",
"url": "https://www.suse.com/security/cve/CVE-2019-9636"
},
{
"category": "external",
"summary": "SUSE Bug 1129346 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1129346"
},
{
"category": "external",
"summary": "SUSE Bug 1135433 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1135433"
},
{
"category": "external",
"summary": "SUSE Bug 1138459 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1138459"
},
{
"category": "external",
"summary": "SUSE Bug 1145004 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1145004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9636"
},
{
"cve": "CVE-2019-9674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9674"
}
],
"notes": [
{
"category": "general",
"text": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9674",
"url": "https://www.suse.com/security/cve/CVE-2019-9674"
},
{
"category": "external",
"summary": "SUSE Bug 1162825 for CVE-2019-9674",
"url": "https://bugzilla.suse.com/1162825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-9674"
},
{
"cve": "CVE-2019-9947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9947"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9947",
"url": "https://www.suse.com/security/cve/CVE-2019-9947"
},
{
"category": "external",
"summary": "SUSE Bug 1130840 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1130840"
},
{
"category": "external",
"summary": "SUSE Bug 1136184 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1136184"
},
{
"category": "external",
"summary": "SUSE Bug 1155094 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1155094"
},
{
"category": "external",
"summary": "SUSE Bug 1201559 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1201559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-9947"
},
{
"cve": "CVE-2020-14422",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14422"
}
],
"notes": [
{
"category": "general",
"text": "Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14422",
"url": "https://www.suse.com/security/cve/CVE-2020-14422"
},
{
"category": "external",
"summary": "SUSE Bug 1173274 for CVE-2020-14422",
"url": "https://bugzilla.suse.com/1173274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14422"
},
{
"cve": "CVE-2020-26116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26116"
}
],
"notes": [
{
"category": "general",
"text": "http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26116",
"url": "https://www.suse.com/security/cve/CVE-2020-26116"
},
{
"category": "external",
"summary": "SUSE Bug 1177120 for CVE-2020-26116",
"url": "https://bugzilla.suse.com/1177120"
},
{
"category": "external",
"summary": "SUSE Bug 1177211 for CVE-2020-26116",
"url": "https://bugzilla.suse.com/1177211"
},
{
"category": "external",
"summary": "SUSE Bug 1192361 for CVE-2020-26116",
"url": "https://bugzilla.suse.com/1192361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-26116"
},
{
"cve": "CVE-2020-27619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27619"
}
],
"notes": [
{
"category": "general",
"text": "In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27619",
"url": "https://www.suse.com/security/cve/CVE-2020-27619"
},
{
"category": "external",
"summary": "SUSE Bug 1178009 for CVE-2020-27619",
"url": "https://bugzilla.suse.com/1178009"
},
{
"category": "external",
"summary": "SUSE Bug 1180254 for CVE-2020-27619",
"url": "https://bugzilla.suse.com/1180254"
},
{
"category": "external",
"summary": "SUSE Bug 1193386 for CVE-2020-27619",
"url": "https://bugzilla.suse.com/1193386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-27619"
},
{
"cve": "CVE-2020-8492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8492"
}
],
"notes": [
{
"category": "general",
"text": "Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8492",
"url": "https://www.suse.com/security/cve/CVE-2020-8492"
},
{
"category": "external",
"summary": "SUSE Bug 1162367 for CVE-2020-8492",
"url": "https://bugzilla.suse.com/1162367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8492"
},
{
"cve": "CVE-2021-23336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23336"
}
],
"notes": [
{
"category": "general",
"text": "The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23336",
"url": "https://www.suse.com/security/cve/CVE-2021-23336"
},
{
"category": "external",
"summary": "SUSE Bug 1182179 for CVE-2021-23336",
"url": "https://bugzilla.suse.com/1182179"
},
{
"category": "external",
"summary": "SUSE Bug 1182379 for CVE-2021-23336",
"url": "https://bugzilla.suse.com/1182379"
},
{
"category": "external",
"summary": "SUSE Bug 1182433 for CVE-2021-23336",
"url": "https://bugzilla.suse.com/1182433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23336"
},
{
"cve": "CVE-2021-3177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3177"
}
],
"notes": [
{
"category": "general",
"text": "Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3177",
"url": "https://www.suse.com/security/cve/CVE-2021-3177"
},
{
"category": "external",
"summary": "SUSE Bug 1181126 for CVE-2021-3177",
"url": "https://bugzilla.suse.com/1181126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3177"
},
{
"cve": "CVE-2021-3426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3426"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a flaw in Python 3\u0027s pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3426",
"url": "https://www.suse.com/security/cve/CVE-2021-3426"
},
{
"category": "external",
"summary": "SUSE Bug 1183374 for CVE-2021-3426",
"url": "https://bugzilla.suse.com/1183374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3426"
},
{
"cve": "CVE-2021-3733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3733"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a flaw in urllib\u0027s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3733",
"url": "https://www.suse.com/security/cve/CVE-2021-3733"
},
{
"category": "external",
"summary": "SUSE Bug 1189287 for CVE-2021-3733",
"url": "https://bugzilla.suse.com/1189287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-3733"
},
{
"cve": "CVE-2021-3737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3737"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3737",
"url": "https://www.suse.com/security/cve/CVE-2021-3737"
},
{
"category": "external",
"summary": "SUSE Bug 1189241 for CVE-2021-3737",
"url": "https://bugzilla.suse.com/1189241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-32bit-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-curses-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-dbm-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-idle-3.6.15-1.1.x86_64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.aarch64",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.ppc64le",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.s390x",
"openSUSE Tumbleweed:python36-tk-3.6.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3737"
}
]
}
RHBA-2020:1539
Vulnerability from csaf_redhat - Published: 2020-04-22 13:24 - Updated: 2026-05-14 18:19Summary
Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Severity
Critical
Notes
Topic: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Details: * Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)
* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)
* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)
* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
6.8 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.
4.3 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
CWE-400 - Uncontrolled Resource ConsumptionAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
5.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
4.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials.
CWE-522 - Insufficiently Protected CredentialsAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
7.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.
4.2 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This issue affects only the newly created files and not existing ones. If the file already exists at the final destination, those permissions are retained. This could lead to the disclosure of sensitive data.
CWE-732 - Incorrect Permission Assignment for Critical ResourceAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.
CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in Ansible Engine. When a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.
CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.
CWE-377 - Insecure Temporary FileAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.
5.0 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.
5.0 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.
7.9 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.
5.0 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
123 references
Acknowledgments
Mozilla project
Ucha Gobejishvili
The GNOME Project
Ray Strode
Maxime Vellard
the Curl project
l00p3r
Quarkslab
Damien Aumaitre
Nicolas Surbayrole
Felix Fountein
Red Hat
Abhijeet Kasurde
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container",
"title": "Topic"
},
{
"category": "general",
"text": "* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)\n* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)\n* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)\n* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2020:1539",
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_1539.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container",
"tracking": {
"current_release_date": "2026-05-14T18:19:37+00:00",
"generator": {
"date": "2026-05-14T18:19:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHBA-2020:1539",
"initial_release_date": "2020-04-22T13:24:05+00:00",
"revision_history": [
{
"date": "2020-04-22T13:24:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-22T13:24:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T18:19:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Tower 3.5 for RHEL 7 Server",
"product": {
"name": "Red Hat Ansible Tower 3.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_tower:3.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Tower"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64",
"product": {
"name": "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64",
"product_id": "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-35/ansible-tower\u0026tag=3.5.6-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 as a component of Red Hat Ansible Tower 3.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
},
"product_reference": "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Ucha Gobejishvili"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-2716",
"discovery_date": "2015-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1220607"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of expat package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-2716"
},
{
"category": "external",
"summary": "RHBZ#1220607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1220607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-2716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2716"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html"
}
],
"release_date": "2015-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()"
},
{
"cve": "CVE-2015-8035",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2015-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1277146"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: DoS caused by incorrect error detection during XZ decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8035"
},
{
"category": "external",
"summary": "RHBZ#1277146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277146"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8035"
}
],
"release_date": "2015-11-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: DoS caused by incorrect error detection during XZ decompression"
},
{
"cve": "CVE-2016-5131",
"discovery_date": "2016-07-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1358641"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use after free triggered by XPointer paths beginning with range-to",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5131"
},
{
"category": "external",
"summary": "RHBZ#1358641",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358641"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5131"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
"url": "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html"
}
],
"release_date": "2016-07-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml2: Use after free triggered by XPointer paths beginning with range-to"
},
{
"cve": "CVE-2017-15412",
"discovery_date": "2017-12-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1523128"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-15412"
},
{
"category": "external",
"summary": "RHBZ#1523128",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523128"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15412"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c"
},
{
"cve": "CVE-2017-18258",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-04-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1566749"
}
],
"notes": [
{
"category": "description",
"text": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18258"
},
{
"category": "external",
"summary": "RHBZ#1566749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258"
}
],
"release_date": "2017-09-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c"
},
{
"cve": "CVE-2018-10360",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-06-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1590000"
}
],
"notes": [
{
"category": "description",
"text": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "file: out-of-bounds read via a crafted ELF file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10360"
},
{
"category": "external",
"summary": "RHBZ#1590000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10360",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10360"
}
],
"release_date": "2018-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "file: out-of-bounds read via a crafted ELF file"
},
{
"cve": "CVE-2018-14404",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1595985"
}
],
"notes": [
{
"category": "description",
"text": "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14404"
},
{
"category": "external",
"summary": "RHBZ#1595985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595985"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14404",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14404"
}
],
"release_date": "2018-06-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c"
},
{
"cve": "CVE-2018-14567",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-08-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1619875"
}
],
"notes": [
{
"category": "description",
"text": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14567"
},
{
"category": "external",
"summary": "RHBZ#1619875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14567",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14567"
}
],
"release_date": "2018-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression"
},
{
"cve": "CVE-2018-18074",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2018-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1643829"
}
],
"notes": [
{
"category": "description",
"text": "A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user\u0027s valid credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-18074"
},
{
"category": "external",
"summary": "RHBZ#1643829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-18074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18074"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header"
},
{
"cve": "CVE-2018-20060",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2018-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1649153"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20060"
},
{
"category": "external",
"summary": "RHBZ#1649153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20060"
}
],
"release_date": "2018-03-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Use `retries=urllib3.Retry(redirect=0)` when performing requests if you do not need redirection and handle the redirects manually if you need them.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure"
},
{
"cve": "CVE-2018-20852",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1740347"
}
],
"notes": [
{
"category": "description",
"text": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Cookie domain check returns incorrect results",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of python3 as shipped with Red Hat Enterprise Linux 7 and 8. This issue affects the versions of python2 and python36 as shipped with Red Hat Enterprise Linux 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20852"
},
{
"category": "external",
"summary": "RHBZ#1740347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1740347"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20852"
}
],
"release_date": "2018-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "A potentially simple workaround in the absence of patch on affected versions is to set DomainStrict in the cookiepolicy that would make sure a literal match against domain. The disadvantage would be that cookie set on example.com would not be shared with subdomain which might break workflow.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Cookie domain check returns incorrect results"
},
{
"acknowledgments": [
{
"names": [
"Ray Strode"
],
"organization": "The GNOME Project"
},
{
"names": [
"Maxime Vellard"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-3820",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2019-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1669391"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnome-shell: partial lock screen bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3820"
},
{
"category": "external",
"summary": "RHBZ#1669391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1669391"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3820"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851",
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851"
}
],
"release_date": "2019-02-05T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnome-shell: partial lock screen bypass"
},
{
"acknowledgments": [
{
"names": [
"the Curl project"
]
},
{
"names": [
"l00p3r"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-5436",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-05-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1710620"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw exists if the user selects to use a \"blksize\" of 504 or smaller (default is 512). The smaller size that is used, the larger the possible overflow becomes.\nUsers choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger. It is rare for users to use TFTP across the Internet. It is most commonly used within local networks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5436"
},
{
"category": "external",
"summary": "RHBZ#1710620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5436",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5436"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/CVE-2019-5436.html",
"url": "https://curl.haxx.se/docs/CVE-2019-5436.html"
}
],
"release_date": "2019-05-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function"
},
{
"cve": "CVE-2019-9924",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2019-03-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1691774"
}
],
"notes": [
{
"category": "description",
"text": "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bash: BASH_CMD is writable in restricted bash shells",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Impact of the flaw set to Moderate as restricted shell shall not be used as a security feature alone, as it is very hard to configure it properly and several bypasses exist for it.\n\nThis issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5 as they did not include support for BASH_CMDS environment variable.\n\nRed Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9924"
},
{
"category": "external",
"summary": "RHBZ#1691774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691774"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9924",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9924"
}
],
"release_date": "2019-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bash: BASH_CMD is writable in restricted bash shells"
},
{
"cve": "CVE-2019-11236",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1700824"
}
],
"notes": [
{
"category": "description",
"text": "In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-urllib3: CRLF injection due to not encoding the \u0027\\r\\n\u0027 sequence leading to possible attack on internal service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of python-urllib3 shipped with Red Hat Gluster Storage 3, as it is vulnerable to CRLF injection.\n\nRed Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11236"
},
{
"category": "external",
"summary": "RHBZ#1700824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1700824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11236",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11236"
}
],
"release_date": "2019-03-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-urllib3: CRLF injection due to not encoding the \u0027\\r\\n\u0027 sequence leading to possible attack on internal service"
},
{
"cve": "CVE-2019-16056",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1749839"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: email.utils.parseaddr wrongly parses email addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16056"
},
{
"category": "external",
"summary": "RHBZ#1749839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1749839"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16056"
}
],
"release_date": "2018-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: email.utils.parseaddr wrongly parses email addresses"
},
{
"cve": "CVE-2019-17041",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1766693"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17041"
},
{
"category": "external",
"summary": "RHBZ#1766693",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1766693"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17041"
}
],
"release_date": "2019-09-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c"
},
{
"cve": "CVE-2019-17042",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1766700"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17042"
},
{
"category": "external",
"summary": "RHBZ#1766700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1766700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17042"
}
],
"release_date": "2019-10-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1734",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2019-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1801804"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: shell enabled by default in a pipe lookup plugin subprocess",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1734"
},
{
"category": "external",
"summary": "RHBZ#1801804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "This issue can be avoided by escaping variables which are used in the lookup.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: shell enabled by default in a pipe lookup plugin subprocess"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1735",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: path injection on dest parameter in fetch module",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1735"
},
{
"category": "external",
"summary": "RHBZ#1802085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1735"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: path injection on dest parameter in fetch module"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1736",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802124"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This issue affects only the newly created files and not existing ones. If the file already exists at the final destination, those permissions are retained. This could lead to the disclosure of sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: atomic_move primitive sets permissive permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.8.14 and 2.9.12 as well as previous versions and all 2.7.x versions are affected.\n\nAnsible Tower 3.6.5 and 3.7.2 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1736"
},
{
"category": "external",
"summary": "RHBZ#1802124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802124"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1736",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "This issue can be mitigated by specifying the \"mode\" on the task. That just leaves a race condition in place where newly created files that specify a mode in the task briefly go from 666 - umask to the final mode. An alternative workaround if many new files are created and to avoid setting a specific mode for each file would be to set the \"mode\" to \"preserve\" value. That will maintain the permissions of the source file on the controller in the final file on the managed host.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: atomic_move primitive sets permissive permissions"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1737",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2020-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Extract-Zip function in win_unzip module does not check extracted path",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1737"
},
{
"category": "external",
"summary": "RHBZ#1802154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1737"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1737",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1737"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Extract-Zip function in win_unzip module does not check extracted path"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1738",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802164"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Engine when the module package or service is used and the parameter \u0027use\u0027 is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: module package can be selected by the ansible facts",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1738"
},
{
"category": "external",
"summary": "RHBZ#1802164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1738",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1738"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Specify the parameter \u0027use\u0027 when possible on the package and service modules. Avoid using Ansible Collections on Ansible 2.8.9 or 2.7.16 (and any of the previous versions) as they are not rejecting python with no path (already fixed in 2.9.x).",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: module package can be selected by the ansible facts"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1739",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802178"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: svn module leaks password when specified as a parameter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1739"
},
{
"category": "external",
"summary": "RHBZ#1802178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802178"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1739",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1739"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1739",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1739"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Instead of using the parameter \u0027password\u0027 of the subversion module, provide the password with stdin.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: svn module leaks password when specified as a parameter"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1740",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802193"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: secrets readable after ansible-vault edit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1740"
},
{
"category": "external",
"summary": "RHBZ#1802193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1740"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue except avoid using the \u0027edit\u0027 option from \u0027ansible-vault\u0027 command line tool.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: secrets readable after ansible-vault edit"
},
{
"acknowledgments": [
{
"names": [
"Felix Fountein"
]
}
],
"cve": "CVE-2020-1746",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805491"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Information disclosure issue in ldap_attr and ldap_entry modules",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1746"
},
{
"category": "external",
"summary": "RHBZ#1805491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805491"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1746"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1746",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1746"
}
],
"release_date": "2020-02-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: Information disclosure issue in ldap_attr and ldap_entry modules"
},
{
"acknowledgments": [
{
"names": [
"Abhijeet Kasurde"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-1753",
"cwe": {
"id": "CWE-214",
"name": "Invocation of Process Using Visible Sensitive Information"
},
"discovery_date": "2020-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1811008"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ansible: kubectl connection plugin leaks sensitive information",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1753"
},
{
"category": "external",
"summary": "RHBZ#1811008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1753",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1753"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1753",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1753"
}
],
"release_date": "2020-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Ansible: kubectl connection plugin leaks sensitive information"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-10684",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815519"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ansible: code injection when using ansible_facts as a subkey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10684"
},
{
"category": "external",
"summary": "RHBZ#1815519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10684",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10684"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10684",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10684"
}
],
"release_date": "2020-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Ansible: code injection when using ansible_facts as a subkey"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-10685",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1814627"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ansible: modules which use files encrypted with vault are not properly cleaned up",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10685"
},
{
"category": "external",
"summary": "RHBZ#1814627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814627"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10685",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10685"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Ansible: modules which use files encrypted with vault are not properly cleaned up"
}
]
}
RHBA-2020:1540
Vulnerability from csaf_redhat - Published: 2020-04-22 13:21 - Updated: 2026-05-14 18:19Summary
Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container
Severity
Critical
Notes
Topic: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container
Details: * Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity
* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)
* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)
* Fixed event hostnames to be recorded for playbooks run on isolated nodes
* Fixed a PostgreSQL issue that caused upgrade failures in certain situations
* Fixed the search for Source Control credentials in the Tower user interface
* Fixed a performance issue to no longer delay the output of project updates for certain users
* Fixed the installations to no longer fail with admin passwords that contain certain special characters
* Fixed the start time to correctly set for approval notifications
* Fixed an inconsistency in gathered inventory analytics
* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)
* Updated single sign-on integration to address several upcoming GitHub API deprecations
* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109
* Updated translations
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
6.8 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.
4.3 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
CWE-400 - Uncontrolled Resource ConsumptionAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
5.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
4.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials.
CWE-522 - Insufficiently Protected CredentialsAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
7.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.
5.2 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file.
5.0 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
88 references
Acknowledgments
Mozilla project
Ucha Gobejishvili
The GNOME Project
Ray Strode
Maxime Vellard
the Curl project
l00p3r
Felix Fountein
Rihards Olups
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container",
"title": "Topic"
},
{
"category": "general",
"text": "* Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity\n* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)\n* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)\n* Fixed event hostnames to be recorded for playbooks run on isolated nodes\n* Fixed a PostgreSQL issue that caused upgrade failures in certain situations\n* Fixed the search for Source Control credentials in the Tower user interface\n* Fixed a performance issue to no longer delay the output of project updates for certain users\n* Fixed the installations to no longer fail with admin passwords that contain certain special characters\n* Fixed the start time to correctly set for approval notifications\n* Fixed an inconsistency in gathered inventory analytics\n* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)\n* Updated single sign-on integration to address several upcoming GitHub API deprecations\n* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109\n* Updated translations",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2020:1540",
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_1540.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container",
"tracking": {
"current_release_date": "2026-05-14T18:19:38+00:00",
"generator": {
"date": "2026-05-14T18:19:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHBA-2020:1540",
"initial_release_date": "2020-04-22T13:21:59+00:00",
"revision_history": [
{
"date": "2020-04-22T13:21:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-22T13:21:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T18:19:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Tower 3.6 for RHEL 7",
"product": {
"name": "Red Hat Ansible Tower 3.6 for RHEL 7",
"product_id": "7Server-Ansible-Tower-3.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_tower:3.6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Tower"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64",
"product": {
"name": "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64",
"product_id": "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-36/ansible-tower\u0026tag=3.6.4-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 as a component of Red Hat Ansible Tower 3.6 for RHEL 7",
"product_id": "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
},
"product_reference": "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.6"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Ucha Gobejishvili"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-2716",
"discovery_date": "2015-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1220607"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of expat package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-2716"
},
{
"category": "external",
"summary": "RHBZ#1220607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1220607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-2716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2716"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html"
}
],
"release_date": "2015-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()"
},
{
"cve": "CVE-2015-8035",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2015-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1277146"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: DoS caused by incorrect error detection during XZ decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8035"
},
{
"category": "external",
"summary": "RHBZ#1277146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277146"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8035"
}
],
"release_date": "2015-11-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: DoS caused by incorrect error detection during XZ decompression"
},
{
"cve": "CVE-2016-5131",
"discovery_date": "2016-07-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1358641"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use after free triggered by XPointer paths beginning with range-to",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5131"
},
{
"category": "external",
"summary": "RHBZ#1358641",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358641"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5131"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
"url": "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html"
}
],
"release_date": "2016-07-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml2: Use after free triggered by XPointer paths beginning with range-to"
},
{
"cve": "CVE-2017-15412",
"discovery_date": "2017-12-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1523128"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-15412"
},
{
"category": "external",
"summary": "RHBZ#1523128",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523128"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15412"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c"
},
{
"cve": "CVE-2017-18258",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-04-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1566749"
}
],
"notes": [
{
"category": "description",
"text": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18258"
},
{
"category": "external",
"summary": "RHBZ#1566749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258"
}
],
"release_date": "2017-09-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c"
},
{
"cve": "CVE-2018-10360",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-06-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1590000"
}
],
"notes": [
{
"category": "description",
"text": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "file: out-of-bounds read via a crafted ELF file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10360"
},
{
"category": "external",
"summary": "RHBZ#1590000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10360",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10360"
}
],
"release_date": "2018-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "file: out-of-bounds read via a crafted ELF file"
},
{
"cve": "CVE-2018-14404",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1595985"
}
],
"notes": [
{
"category": "description",
"text": "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14404"
},
{
"category": "external",
"summary": "RHBZ#1595985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595985"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14404",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14404"
}
],
"release_date": "2018-06-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c"
},
{
"cve": "CVE-2018-14567",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-08-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1619875"
}
],
"notes": [
{
"category": "description",
"text": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14567"
},
{
"category": "external",
"summary": "RHBZ#1619875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14567",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14567"
}
],
"release_date": "2018-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression"
},
{
"cve": "CVE-2018-18074",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2018-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1643829"
}
],
"notes": [
{
"category": "description",
"text": "A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user\u0027s valid credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-18074"
},
{
"category": "external",
"summary": "RHBZ#1643829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-18074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18074"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header"
},
{
"cve": "CVE-2018-20060",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2018-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1649153"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20060"
},
{
"category": "external",
"summary": "RHBZ#1649153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20060"
}
],
"release_date": "2018-03-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
},
{
"category": "workaround",
"details": "Use `retries=urllib3.Retry(redirect=0)` when performing requests if you do not need redirection and handle the redirects manually if you need them.",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure"
},
{
"cve": "CVE-2018-20852",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1740347"
}
],
"notes": [
{
"category": "description",
"text": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Cookie domain check returns incorrect results",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of python3 as shipped with Red Hat Enterprise Linux 7 and 8. This issue affects the versions of python2 and python36 as shipped with Red Hat Enterprise Linux 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20852"
},
{
"category": "external",
"summary": "RHBZ#1740347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1740347"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20852"
}
],
"release_date": "2018-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
},
{
"category": "workaround",
"details": "A potentially simple workaround in the absence of patch on affected versions is to set DomainStrict in the cookiepolicy that would make sure a literal match against domain. The disadvantage would be that cookie set on example.com would not be shared with subdomain which might break workflow.",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Cookie domain check returns incorrect results"
},
{
"acknowledgments": [
{
"names": [
"Ray Strode"
],
"organization": "The GNOME Project"
},
{
"names": [
"Maxime Vellard"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-3820",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2019-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1669391"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnome-shell: partial lock screen bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3820"
},
{
"category": "external",
"summary": "RHBZ#1669391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1669391"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3820"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851",
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851"
}
],
"release_date": "2019-02-05T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnome-shell: partial lock screen bypass"
},
{
"acknowledgments": [
{
"names": [
"the Curl project"
]
},
{
"names": [
"l00p3r"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-5436",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-05-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1710620"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw exists if the user selects to use a \"blksize\" of 504 or smaller (default is 512). The smaller size that is used, the larger the possible overflow becomes.\nUsers choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger. It is rare for users to use TFTP across the Internet. It is most commonly used within local networks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5436"
},
{
"category": "external",
"summary": "RHBZ#1710620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5436",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5436"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/CVE-2019-5436.html",
"url": "https://curl.haxx.se/docs/CVE-2019-5436.html"
}
],
"release_date": "2019-05-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function"
},
{
"cve": "CVE-2019-9924",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2019-03-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1691774"
}
],
"notes": [
{
"category": "description",
"text": "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bash: BASH_CMD is writable in restricted bash shells",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Impact of the flaw set to Moderate as restricted shell shall not be used as a security feature alone, as it is very hard to configure it properly and several bypasses exist for it.\n\nThis issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5 as they did not include support for BASH_CMDS environment variable.\n\nRed Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9924"
},
{
"category": "external",
"summary": "RHBZ#1691774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691774"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9924",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9924"
}
],
"release_date": "2019-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bash: BASH_CMD is writable in restricted bash shells"
},
{
"cve": "CVE-2019-11236",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1700824"
}
],
"notes": [
{
"category": "description",
"text": "In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-urllib3: CRLF injection due to not encoding the \u0027\\r\\n\u0027 sequence leading to possible attack on internal service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of python-urllib3 shipped with Red Hat Gluster Storage 3, as it is vulnerable to CRLF injection.\n\nRed Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11236"
},
{
"category": "external",
"summary": "RHBZ#1700824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1700824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11236",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11236"
}
],
"release_date": "2019-03-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-urllib3: CRLF injection due to not encoding the \u0027\\r\\n\u0027 sequence leading to possible attack on internal service"
},
{
"cve": "CVE-2019-16056",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1749839"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: email.utils.parseaddr wrongly parses email addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16056"
},
{
"category": "external",
"summary": "RHBZ#1749839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1749839"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16056"
}
],
"release_date": "2018-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: email.utils.parseaddr wrongly parses email addresses"
},
{
"cve": "CVE-2019-17041",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1766693"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17041"
},
{
"category": "external",
"summary": "RHBZ#1766693",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1766693"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17041"
}
],
"release_date": "2019-09-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c"
},
{
"cve": "CVE-2019-17042",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1766700"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17042"
},
{
"category": "external",
"summary": "RHBZ#1766700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1766700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17042"
}
],
"release_date": "2019-10-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c"
},
{
"acknowledgments": [
{
"names": [
"Felix Fountein"
]
}
],
"cve": "CVE-2020-10691",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1817161"
}
],
"notes": [
{
"category": "description",
"text": "An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ansible: archive traversal vulnerability in ansible-galaxy collection install",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.9.6 as well as previous 2.9.x versions are affected. Ansible versions less than or equal to 2.8 are not affected by this vulnerability as this functionality was introduced on 2.9.\n\nAnsible Tower 3.6.3 as well as previous 3.6.x versions are affected as they use ansible-galaxy collections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10691"
},
{
"category": "external",
"summary": "RHBZ#1817161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10691",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10691"
}
],
"release_date": "2020-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
},
{
"category": "workaround",
"details": "A possible mitigation of archive traversal issue could be done by restricting file access control and directory write accesses for extracting tarball files. This is feasible only for scenarios when the destination path could be known and enforced beforehand.",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Ansible: archive traversal vulnerability in ansible-galaxy collection install"
},
{
"acknowledgments": [
{
"names": [
"Rihards Olups"
]
}
],
"cve": "CVE-2020-10729",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2020-05-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1831089"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ansible: two random password lookups in same task return same value",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10729"
},
{
"category": "external",
"summary": "RHBZ#1831089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831089"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10729",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10729"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/issues/34144",
"url": "https://github.com/ansible/ansible/issues/34144"
}
],
"release_date": "2017-12-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Ansible: two random password lookups in same task return same value"
}
]
}
RHBA-2020_1539
Vulnerability from csaf_redhat - Published: 2020-04-22 13:24 - Updated: 2024-11-22 14:26Summary
Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Severity
Critical
Notes
Topic: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Details: * Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)
* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)
* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)
* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
6.8 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.
4.3 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
CWE-400 - Uncontrolled Resource ConsumptionAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
5.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
4.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials.
CWE-522 - Insufficiently Protected CredentialsAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
7.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.
4.2 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This issue affects only the newly created files and not existing ones. If the file already exists at the final destination, those permissions are retained. This could lead to the disclosure of sensitive data.
CWE-732 - Incorrect Permission Assignment for Critical ResourceAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.
CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in Ansible Engine. When a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.
CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.
CWE-377 - Insecure Temporary FileAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.
5.0 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.
5.0 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.
7.9 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.
5.0 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
123 references
Acknowledgments
Mozilla project
Ucha Gobejishvili
The GNOME Project
Ray Strode
Maxime Vellard
the Curl project
l00p3r
Quarkslab
Damien Aumaitre
Nicolas Surbayrole
Felix Fountein
Red Hat
Abhijeet Kasurde
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container",
"title": "Topic"
},
{
"category": "general",
"text": "* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)\n* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)\n* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)\n* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2020:1539",
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_1539.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container",
"tracking": {
"current_release_date": "2024-11-22T14:26:26+00:00",
"generator": {
"date": "2024-11-22T14:26:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHBA-2020:1539",
"initial_release_date": "2020-04-22T13:24:05+00:00",
"revision_history": [
{
"date": "2020-04-22T13:24:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-22T13:24:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:26:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Tower 3.5 for RHEL 7 Server",
"product": {
"name": "Red Hat Ansible Tower 3.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_tower:3.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Tower"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64",
"product": {
"name": "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64",
"product_id": "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-35/ansible-tower\u0026tag=3.5.6-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 as a component of Red Hat Ansible Tower 3.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
},
"product_reference": "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Ucha Gobejishvili"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-2716",
"discovery_date": "2015-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1220607"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of expat package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-2716"
},
{
"category": "external",
"summary": "RHBZ#1220607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1220607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-2716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2716"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html"
}
],
"release_date": "2015-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()"
},
{
"cve": "CVE-2015-8035",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2015-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1277146"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: DoS caused by incorrect error detection during XZ decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8035"
},
{
"category": "external",
"summary": "RHBZ#1277146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277146"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8035"
}
],
"release_date": "2015-11-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: DoS caused by incorrect error detection during XZ decompression"
},
{
"cve": "CVE-2016-5131",
"discovery_date": "2016-07-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1358641"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use after free triggered by XPointer paths beginning with range-to",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5131"
},
{
"category": "external",
"summary": "RHBZ#1358641",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358641"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5131"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
"url": "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html"
}
],
"release_date": "2016-07-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml2: Use after free triggered by XPointer paths beginning with range-to"
},
{
"cve": "CVE-2017-15412",
"discovery_date": "2017-12-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1523128"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-15412"
},
{
"category": "external",
"summary": "RHBZ#1523128",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523128"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15412"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c"
},
{
"cve": "CVE-2017-18258",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-04-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1566749"
}
],
"notes": [
{
"category": "description",
"text": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18258"
},
{
"category": "external",
"summary": "RHBZ#1566749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258"
}
],
"release_date": "2017-09-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c"
},
{
"cve": "CVE-2018-10360",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-06-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1590000"
}
],
"notes": [
{
"category": "description",
"text": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "file: out-of-bounds read via a crafted ELF file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10360"
},
{
"category": "external",
"summary": "RHBZ#1590000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10360",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10360"
}
],
"release_date": "2018-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "file: out-of-bounds read via a crafted ELF file"
},
{
"cve": "CVE-2018-14404",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1595985"
}
],
"notes": [
{
"category": "description",
"text": "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14404"
},
{
"category": "external",
"summary": "RHBZ#1595985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595985"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14404",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14404"
}
],
"release_date": "2018-06-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c"
},
{
"cve": "CVE-2018-14567",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-08-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1619875"
}
],
"notes": [
{
"category": "description",
"text": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14567"
},
{
"category": "external",
"summary": "RHBZ#1619875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14567",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14567"
}
],
"release_date": "2018-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression"
},
{
"cve": "CVE-2018-18074",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2018-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1643829"
}
],
"notes": [
{
"category": "description",
"text": "A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user\u0027s valid credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-18074"
},
{
"category": "external",
"summary": "RHBZ#1643829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-18074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18074"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header"
},
{
"cve": "CVE-2018-20060",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2018-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1649153"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20060"
},
{
"category": "external",
"summary": "RHBZ#1649153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20060"
}
],
"release_date": "2018-03-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Use `retries=urllib3.Retry(redirect=0)` when performing requests if you do not need redirection and handle the redirects manually if you need them.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure"
},
{
"cve": "CVE-2018-20852",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1740347"
}
],
"notes": [
{
"category": "description",
"text": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Cookie domain check returns incorrect results",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of python3 as shipped with Red Hat Enterprise Linux 7 and 8. This issue affects the versions of python2 and python36 as shipped with Red Hat Enterprise Linux 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20852"
},
{
"category": "external",
"summary": "RHBZ#1740347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1740347"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20852"
}
],
"release_date": "2018-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "A potentially simple workaround in the absence of patch on affected versions is to set DomainStrict in the cookiepolicy that would make sure a literal match against domain. The disadvantage would be that cookie set on example.com would not be shared with subdomain which might break workflow.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Cookie domain check returns incorrect results"
},
{
"acknowledgments": [
{
"names": [
"Ray Strode"
],
"organization": "The GNOME Project"
},
{
"names": [
"Maxime Vellard"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-3820",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2019-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1669391"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnome-shell: partial lock screen bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3820"
},
{
"category": "external",
"summary": "RHBZ#1669391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1669391"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3820"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851",
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851"
}
],
"release_date": "2019-02-05T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnome-shell: partial lock screen bypass"
},
{
"acknowledgments": [
{
"names": [
"the Curl project"
]
},
{
"names": [
"l00p3r"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-5436",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-05-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1710620"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw exists if the user selects to use a \"blksize\" of 504 or smaller (default is 512). The smaller size that is used, the larger the possible overflow becomes.\nUsers choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger. It is rare for users to use TFTP across the Internet. It is most commonly used within local networks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5436"
},
{
"category": "external",
"summary": "RHBZ#1710620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5436",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5436"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/CVE-2019-5436.html",
"url": "https://curl.haxx.se/docs/CVE-2019-5436.html"
}
],
"release_date": "2019-05-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function"
},
{
"cve": "CVE-2019-9924",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2019-03-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1691774"
}
],
"notes": [
{
"category": "description",
"text": "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bash: BASH_CMD is writable in restricted bash shells",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Impact of the flaw set to Moderate as restricted shell shall not be used as a security feature alone, as it is very hard to configure it properly and several bypasses exist for it.\n\nThis issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5 as they did not include support for BASH_CMDS environment variable.\n\nRed Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9924"
},
{
"category": "external",
"summary": "RHBZ#1691774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691774"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9924",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9924"
}
],
"release_date": "2019-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bash: BASH_CMD is writable in restricted bash shells"
},
{
"cve": "CVE-2019-11236",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1700824"
}
],
"notes": [
{
"category": "description",
"text": "In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-urllib3: CRLF injection due to not encoding the \u0027\\r\\n\u0027 sequence leading to possible attack on internal service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of python-urllib3 shipped with Red Hat Gluster Storage 3, as it is vulnerable to CRLF injection.\n\nRed Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11236"
},
{
"category": "external",
"summary": "RHBZ#1700824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1700824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11236",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11236"
}
],
"release_date": "2019-03-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-urllib3: CRLF injection due to not encoding the \u0027\\r\\n\u0027 sequence leading to possible attack on internal service"
},
{
"cve": "CVE-2019-16056",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1749839"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: email.utils.parseaddr wrongly parses email addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16056"
},
{
"category": "external",
"summary": "RHBZ#1749839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1749839"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16056"
}
],
"release_date": "2018-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: email.utils.parseaddr wrongly parses email addresses"
},
{
"cve": "CVE-2019-17041",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1766693"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17041"
},
{
"category": "external",
"summary": "RHBZ#1766693",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1766693"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17041"
}
],
"release_date": "2019-09-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c"
},
{
"cve": "CVE-2019-17042",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1766700"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17042"
},
{
"category": "external",
"summary": "RHBZ#1766700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1766700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17042"
}
],
"release_date": "2019-10-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1734",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2019-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1801804"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: shell enabled by default in a pipe lookup plugin subprocess",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1734"
},
{
"category": "external",
"summary": "RHBZ#1801804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "This issue can be avoided by escaping variables which are used in the lookup.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: shell enabled by default in a pipe lookup plugin subprocess"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1735",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: path injection on dest parameter in fetch module",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1735"
},
{
"category": "external",
"summary": "RHBZ#1802085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1735"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: path injection on dest parameter in fetch module"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1736",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802124"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This issue affects only the newly created files and not existing ones. If the file already exists at the final destination, those permissions are retained. This could lead to the disclosure of sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: atomic_move primitive sets permissive permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.8.14 and 2.9.12 as well as previous versions and all 2.7.x versions are affected.\n\nAnsible Tower 3.6.5 and 3.7.2 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1736"
},
{
"category": "external",
"summary": "RHBZ#1802124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802124"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1736",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "This issue can be mitigated by specifying the \"mode\" on the task. That just leaves a race condition in place where newly created files that specify a mode in the task briefly go from 666 - umask to the final mode. An alternative workaround if many new files are created and to avoid setting a specific mode for each file would be to set the \"mode\" to \"preserve\" value. That will maintain the permissions of the source file on the controller in the final file on the managed host.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: atomic_move primitive sets permissive permissions"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1737",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2020-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Extract-Zip function in win_unzip module does not check extracted path",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1737"
},
{
"category": "external",
"summary": "RHBZ#1802154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1737"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1737",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1737"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Extract-Zip function in win_unzip module does not check extracted path"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1738",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802164"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Engine when the module package or service is used and the parameter \u0027use\u0027 is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: module package can be selected by the ansible facts",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1738"
},
{
"category": "external",
"summary": "RHBZ#1802164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1738",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1738"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Specify the parameter \u0027use\u0027 when possible on the package and service modules. Avoid using Ansible Collections on Ansible 2.8.9 or 2.7.16 (and any of the previous versions) as they are not rejecting python with no path (already fixed in 2.9.x).",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: module package can be selected by the ansible facts"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1739",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802178"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: svn module leaks password when specified as a parameter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1739"
},
{
"category": "external",
"summary": "RHBZ#1802178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802178"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1739",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1739"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1739",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1739"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Instead of using the parameter \u0027password\u0027 of the subversion module, provide the password with stdin.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: svn module leaks password when specified as a parameter"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1740",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802193"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: secrets readable after ansible-vault edit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1740"
},
{
"category": "external",
"summary": "RHBZ#1802193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1740"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue except avoid using the \u0027edit\u0027 option from \u0027ansible-vault\u0027 command line tool.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: secrets readable after ansible-vault edit"
},
{
"acknowledgments": [
{
"names": [
"Felix Fountein"
]
}
],
"cve": "CVE-2020-1746",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805491"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Information disclosure issue in ldap_attr and ldap_entry modules",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1746"
},
{
"category": "external",
"summary": "RHBZ#1805491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805491"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1746"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1746",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1746"
}
],
"release_date": "2020-02-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: Information disclosure issue in ldap_attr and ldap_entry modules"
},
{
"acknowledgments": [
{
"names": [
"Abhijeet Kasurde"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-1753",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2020-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1811008"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ansible: kubectl connection plugin leaks sensitive information",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1753"
},
{
"category": "external",
"summary": "RHBZ#1811008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1753",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1753"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1753",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1753"
}
],
"release_date": "2020-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Ansible: kubectl connection plugin leaks sensitive information"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-10684",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815519"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ansible: code injection when using ansible_facts as a subkey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10684"
},
{
"category": "external",
"summary": "RHBZ#1815519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10684",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10684"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10684",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10684"
}
],
"release_date": "2020-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Ansible: code injection when using ansible_facts as a subkey"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-10685",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1814627"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ansible: modules which use files encrypted with vault are not properly cleaned up",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10685"
},
{
"category": "external",
"summary": "RHBZ#1814627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814627"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10685",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10685"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:24:05+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Ansible: modules which use files encrypted with vault are not properly cleaned up"
}
]
}
RHBA-2020_1540
Vulnerability from csaf_redhat - Published: 2020-04-22 13:21 - Updated: 2024-11-22 14:31Summary
Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container
Severity
Critical
Notes
Topic: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container
Details: * Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity
* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)
* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)
* Fixed event hostnames to be recorded for playbooks run on isolated nodes
* Fixed a PostgreSQL issue that caused upgrade failures in certain situations
* Fixed the search for Source Control credentials in the Tower user interface
* Fixed a performance issue to no longer delay the output of project updates for certain users
* Fixed the installations to no longer fail with admin passwords that contain certain special characters
* Fixed the start time to correctly set for approval notifications
* Fixed an inconsistency in gathered inventory analytics
* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)
* Updated single sign-on integration to address several upcoming GitHub API deprecations
* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109
* Updated translations
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
6.8 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.
4.3 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
CWE-400 - Uncontrolled Resource ConsumptionAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
5.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
4.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials.
CWE-522 - Insufficiently Protected CredentialsAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
7.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.
5.2 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file.
5.0 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
88 references
Acknowledgments
Mozilla project
Ucha Gobejishvili
The GNOME Project
Ray Strode
Maxime Vellard
the Curl project
l00p3r
Felix Fountein
Rihards Olups
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container",
"title": "Topic"
},
{
"category": "general",
"text": "* Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity\n* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)\n* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)\n* Fixed event hostnames to be recorded for playbooks run on isolated nodes\n* Fixed a PostgreSQL issue that caused upgrade failures in certain situations\n* Fixed the search for Source Control credentials in the Tower user interface\n* Fixed a performance issue to no longer delay the output of project updates for certain users\n* Fixed the installations to no longer fail with admin passwords that contain certain special characters\n* Fixed the start time to correctly set for approval notifications\n* Fixed an inconsistency in gathered inventory analytics\n* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)\n* Updated single sign-on integration to address several upcoming GitHub API deprecations\n* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109\n* Updated translations",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2020:1540",
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_1540.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container",
"tracking": {
"current_release_date": "2024-11-22T14:31:18+00:00",
"generator": {
"date": "2024-11-22T14:31:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHBA-2020:1540",
"initial_release_date": "2020-04-22T13:21:59+00:00",
"revision_history": [
{
"date": "2020-04-22T13:21:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-22T13:21:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:31:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Tower 3.6 for RHEL 7",
"product": {
"name": "Red Hat Ansible Tower 3.6 for RHEL 7",
"product_id": "7Server-Ansible-Tower-3.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_tower:3.6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Tower"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64",
"product": {
"name": "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64",
"product_id": "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-36/ansible-tower\u0026tag=3.6.4-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 as a component of Red Hat Ansible Tower 3.6 for RHEL 7",
"product_id": "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
},
"product_reference": "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.6"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Ucha Gobejishvili"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-2716",
"discovery_date": "2015-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1220607"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of expat package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-2716"
},
{
"category": "external",
"summary": "RHBZ#1220607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1220607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-2716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2716"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html"
}
],
"release_date": "2015-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()"
},
{
"cve": "CVE-2015-8035",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2015-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1277146"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: DoS caused by incorrect error detection during XZ decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8035"
},
{
"category": "external",
"summary": "RHBZ#1277146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277146"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8035"
}
],
"release_date": "2015-11-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: DoS caused by incorrect error detection during XZ decompression"
},
{
"cve": "CVE-2016-5131",
"discovery_date": "2016-07-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1358641"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use after free triggered by XPointer paths beginning with range-to",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5131"
},
{
"category": "external",
"summary": "RHBZ#1358641",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358641"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5131"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
"url": "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html"
}
],
"release_date": "2016-07-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml2: Use after free triggered by XPointer paths beginning with range-to"
},
{
"cve": "CVE-2017-15412",
"discovery_date": "2017-12-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1523128"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-15412"
},
{
"category": "external",
"summary": "RHBZ#1523128",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523128"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15412"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c"
},
{
"cve": "CVE-2017-18258",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-04-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1566749"
}
],
"notes": [
{
"category": "description",
"text": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18258"
},
{
"category": "external",
"summary": "RHBZ#1566749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258"
}
],
"release_date": "2017-09-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c"
},
{
"cve": "CVE-2018-10360",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-06-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1590000"
}
],
"notes": [
{
"category": "description",
"text": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "file: out-of-bounds read via a crafted ELF file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10360"
},
{
"category": "external",
"summary": "RHBZ#1590000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10360",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10360"
}
],
"release_date": "2018-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "file: out-of-bounds read via a crafted ELF file"
},
{
"cve": "CVE-2018-14404",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1595985"
}
],
"notes": [
{
"category": "description",
"text": "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14404"
},
{
"category": "external",
"summary": "RHBZ#1595985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595985"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14404",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14404"
}
],
"release_date": "2018-06-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c"
},
{
"cve": "CVE-2018-14567",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-08-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1619875"
}
],
"notes": [
{
"category": "description",
"text": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14567"
},
{
"category": "external",
"summary": "RHBZ#1619875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14567",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14567"
}
],
"release_date": "2018-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression"
},
{
"cve": "CVE-2018-18074",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2018-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1643829"
}
],
"notes": [
{
"category": "description",
"text": "A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user\u0027s valid credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-18074"
},
{
"category": "external",
"summary": "RHBZ#1643829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-18074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18074"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header"
},
{
"cve": "CVE-2018-20060",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2018-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1649153"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20060"
},
{
"category": "external",
"summary": "RHBZ#1649153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20060"
}
],
"release_date": "2018-03-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
},
{
"category": "workaround",
"details": "Use `retries=urllib3.Retry(redirect=0)` when performing requests if you do not need redirection and handle the redirects manually if you need them.",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure"
},
{
"cve": "CVE-2018-20852",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1740347"
}
],
"notes": [
{
"category": "description",
"text": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Cookie domain check returns incorrect results",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of python3 as shipped with Red Hat Enterprise Linux 7 and 8. This issue affects the versions of python2 and python36 as shipped with Red Hat Enterprise Linux 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20852"
},
{
"category": "external",
"summary": "RHBZ#1740347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1740347"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20852"
}
],
"release_date": "2018-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
},
{
"category": "workaround",
"details": "A potentially simple workaround in the absence of patch on affected versions is to set DomainStrict in the cookiepolicy that would make sure a literal match against domain. The disadvantage would be that cookie set on example.com would not be shared with subdomain which might break workflow.",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Cookie domain check returns incorrect results"
},
{
"acknowledgments": [
{
"names": [
"Ray Strode"
],
"organization": "The GNOME Project"
},
{
"names": [
"Maxime Vellard"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-3820",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2019-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1669391"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnome-shell: partial lock screen bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3820"
},
{
"category": "external",
"summary": "RHBZ#1669391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1669391"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3820"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851",
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851"
}
],
"release_date": "2019-02-05T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnome-shell: partial lock screen bypass"
},
{
"acknowledgments": [
{
"names": [
"the Curl project"
]
},
{
"names": [
"l00p3r"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-5436",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-05-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1710620"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw exists if the user selects to use a \"blksize\" of 504 or smaller (default is 512). The smaller size that is used, the larger the possible overflow becomes.\nUsers choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger. It is rare for users to use TFTP across the Internet. It is most commonly used within local networks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5436"
},
{
"category": "external",
"summary": "RHBZ#1710620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5436",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5436"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/CVE-2019-5436.html",
"url": "https://curl.haxx.se/docs/CVE-2019-5436.html"
}
],
"release_date": "2019-05-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function"
},
{
"cve": "CVE-2019-9924",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2019-03-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1691774"
}
],
"notes": [
{
"category": "description",
"text": "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bash: BASH_CMD is writable in restricted bash shells",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Impact of the flaw set to Moderate as restricted shell shall not be used as a security feature alone, as it is very hard to configure it properly and several bypasses exist for it.\n\nThis issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5 as they did not include support for BASH_CMDS environment variable.\n\nRed Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9924"
},
{
"category": "external",
"summary": "RHBZ#1691774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691774"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9924",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9924"
}
],
"release_date": "2019-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bash: BASH_CMD is writable in restricted bash shells"
},
{
"cve": "CVE-2019-11236",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1700824"
}
],
"notes": [
{
"category": "description",
"text": "In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-urllib3: CRLF injection due to not encoding the \u0027\\r\\n\u0027 sequence leading to possible attack on internal service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of python-urllib3 shipped with Red Hat Gluster Storage 3, as it is vulnerable to CRLF injection.\n\nRed Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11236"
},
{
"category": "external",
"summary": "RHBZ#1700824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1700824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11236",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11236"
}
],
"release_date": "2019-03-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-urllib3: CRLF injection due to not encoding the \u0027\\r\\n\u0027 sequence leading to possible attack on internal service"
},
{
"cve": "CVE-2019-16056",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1749839"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: email.utils.parseaddr wrongly parses email addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16056"
},
{
"category": "external",
"summary": "RHBZ#1749839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1749839"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16056"
}
],
"release_date": "2018-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: email.utils.parseaddr wrongly parses email addresses"
},
{
"cve": "CVE-2019-17041",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1766693"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17041"
},
{
"category": "external",
"summary": "RHBZ#1766693",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1766693"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17041"
}
],
"release_date": "2019-09-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c"
},
{
"cve": "CVE-2019-17042",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1766700"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17042"
},
{
"category": "external",
"summary": "RHBZ#1766700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1766700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17042"
}
],
"release_date": "2019-10-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c"
},
{
"acknowledgments": [
{
"names": [
"Felix Fountein"
]
}
],
"cve": "CVE-2020-10691",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1817161"
}
],
"notes": [
{
"category": "description",
"text": "An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ansible: archive traversal vulnerability in ansible-galaxy collection install",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.9.6 as well as previous 2.9.x versions are affected. Ansible versions less than or equal to 2.8 are not affected by this vulnerability as this functionality was introduced on 2.9.\n\nAnsible Tower 3.6.3 as well as previous 3.6.x versions are affected as they use ansible-galaxy collections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10691"
},
{
"category": "external",
"summary": "RHBZ#1817161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10691",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10691"
}
],
"release_date": "2020-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
},
{
"category": "workaround",
"details": "A possible mitigation of archive traversal issue could be done by restricting file access control and directory write accesses for extracting tarball files. This is feasible only for scenarios when the destination path could be known and enforced beforehand.",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Ansible: archive traversal vulnerability in ansible-galaxy collection install"
},
{
"acknowledgments": [
{
"names": [
"Rihards Olups"
]
}
],
"cve": "CVE-2020-10729",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2020-05-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1831089"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ansible: two random password lookups in same task return same value",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10729"
},
{
"category": "external",
"summary": "RHBZ#1831089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831089"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10729",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10729"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/issues/34144",
"url": "https://github.com/ansible/ansible/issues/34144"
}
],
"release_date": "2017-12-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-22T13:21:59+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:1540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Ansible: two random password lookups in same task return same value"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…