Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-28346 (GCVE-0-2022-28346)
Vulnerability from cvelistv5 – Published: 2022-04-12 00:00 – Updated: 2025-02-13 16:32
VLAI
EPSS
Summary
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
9 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:14.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21forum/django-announce"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.djangoproject.com/en/4.0/releases/security/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"
},
{
"name": "[debian-lts-announce] 20220414 [SECURITY] [DLA 2982-1] python-django security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0002/"
},
{
"name": "DSA-5254",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5254"
},
{
"name": "FEDORA-2023-8fed428c5e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/"
},
{
"name": "FEDORA-2023-a53ab7c969",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-28T03:06:20.960Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://groups.google.com/forum/#%21forum/django-announce"
},
{
"url": "https://docs.djangoproject.com/en/4.0/releases/security/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/1"
},
{
"url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"
},
{
"name": "[debian-lts-announce] 20220414 [SECURITY] [DLA 2982-1] python-django security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220609-0002/"
},
{
"name": "DSA-5254",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5254"
},
{
"name": "FEDORA-2023-8fed428c5e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/"
},
{
"name": "FEDORA-2023-a53ab7c969",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28346",
"datePublished": "2022-04-12T00:00:00.000Z",
"dateReserved": "2022-04-02T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:32:33.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-28346",
"date": "2026-06-14",
"epss": "0.01971",
"percentile": "0.8398"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.2\", \"versionEndExcluding\": \"2.2.28\", \"matchCriteriaId\": \"A545BDF6-D358-44FB-8FF7-5D0166DC6B9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.2\", \"versionEndExcluding\": \"3.2.13\", \"matchCriteriaId\": \"7ED1BF93-9E2C-457C-9596-F946FE223BAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0\", \"versionEndExcluding\": \"4.0.4\", \"matchCriteriaId\": \"36239F45-F5DF-4014-A2D0-F691D749C4CF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado un problema en Django versiones 2.2 anteriores a 2.2.28, 3.2 anteriores a 3.2.13 y 4.0 anteriores a 4.0.4. Los m\\u00e9todos QuerySet.annotate(), aggregate() y extra() est\\u00e1n sujetos a inyecci\\u00f3n SQL en los alias de columna por medio de un diccionario dise\\u00f1ado (con expansi\\u00f3n de diccionario) como los **kwargs pasados\"}]",
"id": "CVE-2022-28346",
"lastModified": "2024-11-21T06:57:11.007",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-04-12T05:15:06.927",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2022/04/11/1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://docs.djangoproject.com/en/4.0/releases/security/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://groups.google.com/forum/#%21forum/django-announce\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220609-0002/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5254\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/04/11/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://docs.djangoproject.com/en/4.0/releases/security/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://groups.google.com/forum/#%21forum/django-announce\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220609-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5254\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-28346\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-04-12T05:15:06.927\",\"lastModified\":\"2024-11-21T06:57:11.007\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un problema en Django versiones 2.2 anteriores a 2.2.28, 3.2 anteriores a 3.2.13 y 4.0 anteriores a 4.0.4. Los m\u00e9todos QuerySet.annotate(), aggregate() y extra() est\u00e1n sujetos a inyecci\u00f3n SQL en los alias de columna por medio de un diccionario dise\u00f1ado (con expansi\u00f3n de diccionario) como los **kwargs pasados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2\",\"versionEndExcluding\":\"2.2.28\",\"matchCriteriaId\":\"A545BDF6-D358-44FB-8FF7-5D0166DC6B9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.2\",\"versionEndExcluding\":\"3.2.13\",\"matchCriteriaId\":\"7ED1BF93-9E2C-457C-9596-F946FE223BAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndExcluding\":\"4.0.4\",\"matchCriteriaId\":\"36239F45-F5DF-4014-A2D0-F691D749C4CF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/04/11/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://docs.djangoproject.com/en/4.0/releases/security/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/forum/#%21forum/django-announce\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220609-0002/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5254\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/04/11/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://docs.djangoproject.com/en/4.0/releases/security/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/forum/#%21forum/django-announce\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220609-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5254\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
RHSA-2022_5602
Vulnerability from csaf_redhat - Published: 2022-07-19 13:06 - Updated: 2024-11-22 19:37Summary
Red Hat Security Advisory: RHUI 4.1.1 release - Security Fixes and Enhancement Update
Severity
Important
Notes
Topic: An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 4.1.1 introduces important enhancements and fixes several security bugs.
Details: Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux (RHEL) instances.
Security Fix(es):
* Django: SQL injection via QuerySet's annotate, aggregate, and extra functions (CVE-2022-28346)
* Django: SQL injection via QuerySet's explain function on PostgreSQL (CVE-2022-28347)
This update fixes the following bugs:
* Previously, when a path for a non-RHUI repository was used in the entitlement certificate, RHUI Manager logged the following error message in the `/var/log/messages` file:
...
Invalid entitlement path %s found
...
With this update, the error message has been clarified and reworded to the following message:
...
Invalid repository download URL: %s provided
...
In addition, this RHUI update introduces the following enhancements:
* With this update, containers are now supported on RHUI. You can perform the following operations:
** Add containers to RHUI
** Synchronize these containers regularly along with containers from `registry.redhat.io` or any other registry of your choice
** Offer the containers to client virtual machines using a special client configuration RPM. You can create the configuration RPM using the `rhui-manager` text user interface.
* With this update, the repository synchronization status, the validity status of the RHUI CA certificate, and the statuses of services running on the RHUA, CDS, and HAProxy nodes are now available. In the case of services running on the nodes, you can view the statuses by running the `rhui-manager status` command on the RHUA node.(BZ#1636435)
* With this update, you can specify the following certificates and keys during RHUI installation:
** Custom CA certificates and keys on the RHUA node
** Custom CA certificate and key that will be used to generate client entitlement certificates
** Custom CA certificate and key that will be used to generate client SSL certificates
** Custom SSL certificate and key for the web server when adding a CDS node. Note that this certificate must be usable for all the load balancers and CDS host names that you are using with your RHUI installation(BZ#2010343)
* Previously, you could only access repositories by using paths with the `/pulp/content` prefix. With this update, you can now access repositories using paths containing other predefined prefixes. In addition, you can also configure protected and unprotected custom repositories to use custom prefixes.(BZ#2079376)
Users of RHUI are advised to upgrade to these updated packages that fix
these bugs and add these enhancements.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.
9.4 (Critical)
Affected products
Fixed
2 products
Known not affected
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHUI-4:ansible-collection-community-crypto-0:1.7.0-4.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:ansible-collection-community-crypto-0:1.7.0-4.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:createrepo_c-0:0.20.0-2.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:createrepo_c-debugsource-0:0.20.0-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:createrepo_c-libs-0:0.20.0-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:createrepo_c-libs-debuginfo-0:0.20.0-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:pulpcore-selinux-0:1.3.0-1.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:pulpcore-selinux-0:1.3.0-1.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python-cryptography-0:3.1.1-2.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-cryptography-debugsource-0:3.1.1-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python-ecdsa-0:0.14.1-2.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-future-0:0.18.2-5.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-pulp-container-0:2.10.3-2.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-pulp-container-client-0:2.7.1-6.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-pulp-rpm-0:3.17.5-2.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-pyOpenSSL-0:19.1.0-3.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-pycryptodomex-0:3.14.1-2.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-pycryptodomex-debugsource-0:3.14.1-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python-pyjwkest-0:1.4.2-6.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-pyjwt-0:1.7.1-8.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-requests-0:2.27.1-2.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-url-normalize-0:1.4.3-4.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python3-createrepo_c-0:0.20.0-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python3-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python3-pulp-container-client-0:2.7.1-6.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-createrepo_c-0:0.20.0-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-cryptography-0:3.1.1-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-cryptography-debuginfo-0:3.1.1-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-django-0:3.2.13-2.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-ecdsa-0:0.14.1-2.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-future-0:0.18.2-5.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-pulp-container-0:2.10.3-2.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-pulp-rpm-0:3.17.5-2.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-pulpcore-0:3.17.6-3.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-pyOpenSSL-0:19.1.0-3.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-pycryptodomex-0:3.14.1-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-pycryptodomex-debuginfo-0:3.14.1-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-pyjwkest-0:1.4.2-6.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-pyjwt-0:1.7.1-8.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-requests-0:2.27.1-2.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-url-normalize-0:1.4.3-4.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-installer-0:4.1.1.8-1.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-installer-0:4.1.1.8-1.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-tools-0:4.1.1.16-1.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-tools-0:4.1.1.16-1.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-tools-libs-0:4.1.1.16-1.el8ui.noarch | — |
Threats
Impact
Important
A flaw was found in the Django package, leading to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.
9.4 (Critical)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHUI-4:python-django-0:3.2.13-2.el8ui.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHUI-4:python-pulpcore-0:3.17.6-3.el8ui.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHUI-4:python38-pulpcore-0:3.17.6-3.el8ui.noarch | — |
Vendor Fix
fix
|
Known not affected
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHUI-4:ansible-collection-community-crypto-0:1.7.0-4.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:ansible-collection-community-crypto-0:1.7.0-4.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:createrepo_c-0:0.20.0-2.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:createrepo_c-debugsource-0:0.20.0-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:createrepo_c-libs-0:0.20.0-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:createrepo_c-libs-debuginfo-0:0.20.0-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:pulpcore-selinux-0:1.3.0-1.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:pulpcore-selinux-0:1.3.0-1.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python-cryptography-0:3.1.1-2.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-cryptography-debugsource-0:3.1.1-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python-ecdsa-0:0.14.1-2.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-future-0:0.18.2-5.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-pulp-container-0:2.10.3-2.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-pulp-container-client-0:2.7.1-6.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-pulp-rpm-0:3.17.5-2.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-pyOpenSSL-0:19.1.0-3.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-pycryptodomex-0:3.14.1-2.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-pycryptodomex-debugsource-0:3.14.1-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python-pyjwkest-0:1.4.2-6.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-pyjwt-0:1.7.1-8.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-requests-0:2.27.1-2.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python-url-normalize-0:1.4.3-4.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:python3-createrepo_c-0:0.20.0-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python3-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python3-pulp-container-client-0:2.7.1-6.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-createrepo_c-0:0.20.0-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-cryptography-0:3.1.1-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-cryptography-debuginfo-0:3.1.1-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-django-0:3.2.13-2.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-ecdsa-0:0.14.1-2.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-future-0:0.18.2-5.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-pulp-container-0:2.10.3-2.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-pulp-rpm-0:3.17.5-2.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-pyOpenSSL-0:19.1.0-3.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-pycryptodomex-0:3.14.1-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-pycryptodomex-debuginfo-0:3.14.1-2.el8ui.x86_64 | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-pyjwkest-0:1.4.2-6.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-pyjwt-0:1.7.1-8.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-requests-0:2.27.1-2.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:python38-url-normalize-0:1.4.3-4.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-installer-0:4.1.1.8-1.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-installer-0:4.1.1.8-1.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-tools-0:4.1.1.16-1.el8ui.noarch | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-tools-0:4.1.1.16-1.el8ui.src | — | ||
| Unresolved product id: 8Base-RHUI-4:rhui-tools-libs-0:4.1.1.16-1.el8ui.noarch | — |
Threats
Impact
Important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 4.1.1 introduces important enhancements and fixes several security bugs.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux (RHEL) instances.\n\nSecurity Fix(es):\n* Django: SQL injection via QuerySet\u0027s annotate, aggregate, and extra functions (CVE-2022-28346)\n* Django: SQL injection via QuerySet\u0027s explain function on PostgreSQL (CVE-2022-28347)\n\nThis update fixes the following bugs:\n\n* Previously, when a path for a non-RHUI repository was used in the entitlement certificate, RHUI Manager logged the following error message in the `/var/log/messages` file:\n...\nInvalid entitlement path %s found\n...\n\nWith this update, the error message has been clarified and reworded to the following message:\n...\nInvalid repository download URL: %s provided\n...\n\nIn addition, this RHUI update introduces the following enhancements:\n\n* With this update, containers are now supported on RHUI. You can perform the following operations:\n** Add containers to RHUI\n** Synchronize these containers regularly along with containers from `registry.redhat.io` or any other registry of your choice\n** Offer the containers to client virtual machines using a special client configuration RPM. You can create the configuration RPM using the `rhui-manager` text user interface.\n\n* With this update, the repository synchronization status, the validity status of the RHUI CA certificate, and the statuses of services running on the RHUA, CDS, and HAProxy nodes are now available. In the case of services running on the nodes, you can view the statuses by running the `rhui-manager status` command on the RHUA node.(BZ#1636435)\n\n* With this update, you can specify the following certificates and keys during RHUI installation:\n** Custom CA certificates and keys on the RHUA node\n** Custom CA certificate and key that will be used to generate client entitlement certificates\n** Custom CA certificate and key that will be used to generate client SSL certificates\n** Custom SSL certificate and key for the web server when adding a CDS node. Note that this certificate must be usable for all the load balancers and CDS host names that you are using with your RHUI installation(BZ#2010343)\n\n* Previously, you could only access repositories by using paths with the `/pulp/content` prefix. With this update, you can now access repositories using paths containing other predefined prefixes. In addition, you can also configure protected and unprotected custom repositories to use custom prefixes.(BZ#2079376)\n\nUsers of RHUI are advised to upgrade to these updated packages that fix\nthese bugs and add these enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:5602",
"url": "https://access.redhat.com/errata/RHSA-2022:5602"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1636435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636435"
},
{
"category": "external",
"summary": "1890389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890389"
},
{
"category": "external",
"summary": "2010343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010343"
},
{
"category": "external",
"summary": "2072447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072447"
},
{
"category": "external",
"summary": "2072459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072459"
},
{
"category": "external",
"summary": "2079376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079376"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5602.json"
}
],
"title": "Red Hat Security Advisory: RHUI 4.1.1 release - Security Fixes and Enhancement Update",
"tracking": {
"current_release_date": "2024-11-22T19:37:02+00:00",
"generator": {
"date": "2024-11-22T19:37:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:5602",
"initial_release_date": "2022-07-19T13:06:09+00:00",
"revision_history": [
{
"date": "2022-07-19T13:06:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-07-19T13:06:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T19:37:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHUI 4 for RHEL 8",
"product": {
"name": "RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhui:4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Update Infrastructure"
},
{
"branches": [
{
"category": "product_version",
"name": "rhui-installer-0:4.1.1.8-1.el8ui.src",
"product": {
"name": "rhui-installer-0:4.1.1.8-1.el8ui.src",
"product_id": "rhui-installer-0:4.1.1.8-1.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhui-installer@4.1.1.8-1.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.src",
"product": {
"name": "rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.src",
"product_id": "rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhui-cds-plugin-authorizer-cert@1.0.5-1.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-django-0:3.2.13-2.el8ui.src",
"product": {
"name": "python-django-0:3.2.13-2.el8ui.src",
"product_id": "python-django-0:3.2.13-2.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django@3.2.13-2.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.src",
"product": {
"name": "rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.src",
"product_id": "rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhui-cds-plugin-fetcher@1.0.5-1.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulpcore-0:3.17.6-3.el8ui.src",
"product": {
"name": "python-pulpcore-0:3.17.6-3.el8ui.src",
"product_id": "python-pulpcore-0:3.17.6-3.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulpcore@3.17.6-3.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-collection-community-crypto-0:1.7.0-4.el8ui.src",
"product": {
"name": "ansible-collection-community-crypto-0:1.7.0-4.el8ui.src",
"product_id": "ansible-collection-community-crypto-0:1.7.0-4.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-collection-community-crypto@1.7.0-4.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulp-rpm-0:3.17.5-2.el8ui.src",
"product": {
"name": "python-pulp-rpm-0:3.17.5-2.el8ui.src",
"product_id": "python-pulp-rpm-0:3.17.5-2.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulp-rpm@3.17.5-2.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "createrepo_c-0:0.20.0-2.el8ui.src",
"product": {
"name": "createrepo_c-0:0.20.0-2.el8ui.src",
"product_id": "createrepo_c-0:0.20.0-2.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/createrepo_c@0.20.0-2.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-future-0:0.18.2-5.el8ui.src",
"product": {
"name": "python-future-0:0.18.2-5.el8ui.src",
"product_id": "python-future-0:0.18.2-5.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-future@0.18.2-5.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulp-container-0:2.10.3-2.el8ui.src",
"product": {
"name": "python-pulp-container-0:2.10.3-2.el8ui.src",
"product_id": "python-pulp-container-0:2.10.3-2.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulp-container@2.10.3-2.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pycryptodomex-0:3.14.1-2.el8ui.src",
"product": {
"name": "python-pycryptodomex-0:3.14.1-2.el8ui.src",
"product_id": "python-pycryptodomex-0:3.14.1-2.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pycryptodomex@3.14.1-2.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-url-normalize-0:1.4.3-4.el8ui.src",
"product": {
"name": "python-url-normalize-0:1.4.3-4.el8ui.src",
"product_id": "python-url-normalize-0:1.4.3-4.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-url-normalize@1.4.3-4.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-ecdsa-0:0.14.1-2.el8ui.src",
"product": {
"name": "python-ecdsa-0:0.14.1-2.el8ui.src",
"product_id": "python-ecdsa-0:0.14.1-2.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-ecdsa@0.14.1-2.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pyjwt-0:1.7.1-8.el8ui.src",
"product": {
"name": "python-pyjwt-0:1.7.1-8.el8ui.src",
"product_id": "python-pyjwt-0:1.7.1-8.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pyjwt@1.7.1-8.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pyjwkest-0:1.4.2-6.el8ui.src",
"product": {
"name": "python-pyjwkest-0:1.4.2-6.el8ui.src",
"product_id": "python-pyjwkest-0:1.4.2-6.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pyjwkest@1.4.2-6.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulp-container-client-0:2.7.1-6.el8ui.src",
"product": {
"name": "python-pulp-container-client-0:2.7.1-6.el8ui.src",
"product_id": "python-pulp-container-client-0:2.7.1-6.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulp-container-client@2.7.1-6.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-requests-0:2.27.1-2.el8ui.src",
"product": {
"name": "python-requests-0:2.27.1-2.el8ui.src",
"product_id": "python-requests-0:2.27.1-2.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-requests@2.27.1-2.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-0:3.1.1-2.el8ui.src",
"product": {
"name": "python-cryptography-0:3.1.1-2.el8ui.src",
"product_id": "python-cryptography-0:3.1.1-2.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography@3.1.1-2.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pyOpenSSL-0:19.1.0-3.el8ui.src",
"product": {
"name": "python-pyOpenSSL-0:19.1.0-3.el8ui.src",
"product_id": "python-pyOpenSSL-0:19.1.0-3.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pyOpenSSL@19.1.0-3.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "pulpcore-selinux-0:1.3.0-1.el8ui.src",
"product": {
"name": "pulpcore-selinux-0:1.3.0-1.el8ui.src",
"product_id": "pulpcore-selinux-0:1.3.0-1.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pulpcore-selinux@1.3.0-1.el8ui?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhui-tools-0:4.1.1.16-1.el8ui.src",
"product": {
"name": "rhui-tools-0:4.1.1.16-1.el8ui.src",
"product_id": "rhui-tools-0:4.1.1.16-1.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhui-tools@4.1.1.16-1.el8ui?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhui-installer-0:4.1.1.8-1.el8ui.noarch",
"product": {
"name": "rhui-installer-0:4.1.1.8-1.el8ui.noarch",
"product_id": "rhui-installer-0:4.1.1.8-1.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhui-installer@4.1.1.8-1.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.noarch",
"product": {
"name": "rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.noarch",
"product_id": "rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhui-cds-plugin-authorizer-cert@1.0.5-1.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-django-0:3.2.13-2.el8ui.noarch",
"product": {
"name": "python38-django-0:3.2.13-2.el8ui.noarch",
"product_id": "python38-django-0:3.2.13-2.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-django@3.2.13-2.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.noarch",
"product": {
"name": "rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.noarch",
"product_id": "rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhui-cds-plugin-fetcher@1.0.5-1.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-pulpcore-0:3.17.6-3.el8ui.noarch",
"product": {
"name": "python38-pulpcore-0:3.17.6-3.el8ui.noarch",
"product_id": "python38-pulpcore-0:3.17.6-3.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-pulpcore@3.17.6-3.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-collection-community-crypto-0:1.7.0-4.el8ui.noarch",
"product": {
"name": "ansible-collection-community-crypto-0:1.7.0-4.el8ui.noarch",
"product_id": "ansible-collection-community-crypto-0:1.7.0-4.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-collection-community-crypto@1.7.0-4.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-pulp-rpm-0:3.17.5-2.el8ui.noarch",
"product": {
"name": "python38-pulp-rpm-0:3.17.5-2.el8ui.noarch",
"product_id": "python38-pulp-rpm-0:3.17.5-2.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-pulp-rpm@3.17.5-2.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-future-0:0.18.2-5.el8ui.noarch",
"product": {
"name": "python38-future-0:0.18.2-5.el8ui.noarch",
"product_id": "python38-future-0:0.18.2-5.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-future@0.18.2-5.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-pulp-container-0:2.10.3-2.el8ui.noarch",
"product": {
"name": "python38-pulp-container-0:2.10.3-2.el8ui.noarch",
"product_id": "python38-pulp-container-0:2.10.3-2.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-pulp-container@2.10.3-2.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-url-normalize-0:1.4.3-4.el8ui.noarch",
"product": {
"name": "python38-url-normalize-0:1.4.3-4.el8ui.noarch",
"product_id": "python38-url-normalize-0:1.4.3-4.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-url-normalize@1.4.3-4.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-ecdsa-0:0.14.1-2.el8ui.noarch",
"product": {
"name": "python38-ecdsa-0:0.14.1-2.el8ui.noarch",
"product_id": "python38-ecdsa-0:0.14.1-2.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-ecdsa@0.14.1-2.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-pyjwt-0:1.7.1-8.el8ui.noarch",
"product": {
"name": "python38-pyjwt-0:1.7.1-8.el8ui.noarch",
"product_id": "python38-pyjwt-0:1.7.1-8.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-pyjwt@1.7.1-8.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-pyjwkest-0:1.4.2-6.el8ui.noarch",
"product": {
"name": "python38-pyjwkest-0:1.4.2-6.el8ui.noarch",
"product_id": "python38-pyjwkest-0:1.4.2-6.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-pyjwkest@1.4.2-6.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-pulp-container-client-0:2.7.1-6.el8ui.noarch",
"product": {
"name": "python3-pulp-container-client-0:2.7.1-6.el8ui.noarch",
"product_id": "python3-pulp-container-client-0:2.7.1-6.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pulp-container-client@2.7.1-6.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-requests-0:2.27.1-2.el8ui.noarch",
"product": {
"name": "python38-requests-0:2.27.1-2.el8ui.noarch",
"product_id": "python38-requests-0:2.27.1-2.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-requests@2.27.1-2.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-pyOpenSSL-0:19.1.0-3.el8ui.noarch",
"product": {
"name": "python38-pyOpenSSL-0:19.1.0-3.el8ui.noarch",
"product_id": "python38-pyOpenSSL-0:19.1.0-3.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-pyOpenSSL@19.1.0-3.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhui-tools-0:4.1.1.16-1.el8ui.noarch",
"product": {
"name": "rhui-tools-0:4.1.1.16-1.el8ui.noarch",
"product_id": "rhui-tools-0:4.1.1.16-1.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhui-tools@4.1.1.16-1.el8ui?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhui-tools-libs-0:4.1.1.16-1.el8ui.noarch",
"product": {
"name": "rhui-tools-libs-0:4.1.1.16-1.el8ui.noarch",
"product_id": "rhui-tools-libs-0:4.1.1.16-1.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhui-tools-libs@4.1.1.16-1.el8ui?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "createrepo_c-libs-0:0.20.0-2.el8ui.x86_64",
"product": {
"name": "createrepo_c-libs-0:0.20.0-2.el8ui.x86_64",
"product_id": "createrepo_c-libs-0:0.20.0-2.el8ui.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/createrepo_c-libs@0.20.0-2.el8ui?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-createrepo_c-0:0.20.0-2.el8ui.x86_64",
"product": {
"name": "python3-createrepo_c-0:0.20.0-2.el8ui.x86_64",
"product_id": "python3-createrepo_c-0:0.20.0-2.el8ui.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-createrepo_c@0.20.0-2.el8ui?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python38-createrepo_c-0:0.20.0-2.el8ui.x86_64",
"product": {
"name": "python38-createrepo_c-0:0.20.0-2.el8ui.x86_64",
"product_id": "python38-createrepo_c-0:0.20.0-2.el8ui.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-createrepo_c@0.20.0-2.el8ui?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "createrepo_c-debugsource-0:0.20.0-2.el8ui.x86_64",
"product": {
"name": "createrepo_c-debugsource-0:0.20.0-2.el8ui.x86_64",
"product_id": "createrepo_c-debugsource-0:0.20.0-2.el8ui.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/createrepo_c-debugsource@0.20.0-2.el8ui?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"product": {
"name": "createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"product_id": "createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/createrepo_c-debuginfo@0.20.0-2.el8ui?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "createrepo_c-libs-debuginfo-0:0.20.0-2.el8ui.x86_64",
"product": {
"name": "createrepo_c-libs-debuginfo-0:0.20.0-2.el8ui.x86_64",
"product_id": "createrepo_c-libs-debuginfo-0:0.20.0-2.el8ui.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/createrepo_c-libs-debuginfo@0.20.0-2.el8ui?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"product": {
"name": "python3-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"product_id": "python3-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-createrepo_c-debuginfo@0.20.0-2.el8ui?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python38-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"product": {
"name": "python38-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"product_id": "python38-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-createrepo_c-debuginfo@0.20.0-2.el8ui?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python38-pycryptodomex-0:3.14.1-2.el8ui.x86_64",
"product": {
"name": "python38-pycryptodomex-0:3.14.1-2.el8ui.x86_64",
"product_id": "python38-pycryptodomex-0:3.14.1-2.el8ui.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-pycryptodomex@3.14.1-2.el8ui?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-pycryptodomex-debugsource-0:3.14.1-2.el8ui.x86_64",
"product": {
"name": "python-pycryptodomex-debugsource-0:3.14.1-2.el8ui.x86_64",
"product_id": "python-pycryptodomex-debugsource-0:3.14.1-2.el8ui.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pycryptodomex-debugsource@3.14.1-2.el8ui?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python38-pycryptodomex-debuginfo-0:3.14.1-2.el8ui.x86_64",
"product": {
"name": "python38-pycryptodomex-debuginfo-0:3.14.1-2.el8ui.x86_64",
"product_id": "python38-pycryptodomex-debuginfo-0:3.14.1-2.el8ui.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-pycryptodomex-debuginfo@3.14.1-2.el8ui?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python38-cryptography-0:3.1.1-2.el8ui.x86_64",
"product": {
"name": "python38-cryptography-0:3.1.1-2.el8ui.x86_64",
"product_id": "python38-cryptography-0:3.1.1-2.el8ui.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-cryptography@3.1.1-2.el8ui?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:3.1.1-2.el8ui.x86_64",
"product": {
"name": "python-cryptography-debugsource-0:3.1.1-2.el8ui.x86_64",
"product_id": "python-cryptography-debugsource-0:3.1.1-2.el8ui.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@3.1.1-2.el8ui?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python38-cryptography-debuginfo-0:3.1.1-2.el8ui.x86_64",
"product": {
"name": "python38-cryptography-debuginfo-0:3.1.1-2.el8ui.x86_64",
"product_id": "python38-cryptography-debuginfo-0:3.1.1-2.el8ui.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-cryptography-debuginfo@3.1.1-2.el8ui?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pulpcore-selinux-0:1.3.0-1.el8ui.x86_64",
"product": {
"name": "pulpcore-selinux-0:1.3.0-1.el8ui.x86_64",
"product_id": "pulpcore-selinux-0:1.3.0-1.el8ui.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pulpcore-selinux@1.3.0-1.el8ui?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-community-crypto-0:1.7.0-4.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:ansible-collection-community-crypto-0:1.7.0-4.el8ui.noarch"
},
"product_reference": "ansible-collection-community-crypto-0:1.7.0-4.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-community-crypto-0:1.7.0-4.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:ansible-collection-community-crypto-0:1.7.0-4.el8ui.src"
},
"product_reference": "ansible-collection-community-crypto-0:1.7.0-4.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-0:0.20.0-2.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:createrepo_c-0:0.20.0-2.el8ui.src"
},
"product_reference": "createrepo_c-0:0.20.0-2.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64 as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64"
},
"product_reference": "createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-debugsource-0:0.20.0-2.el8ui.x86_64 as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:createrepo_c-debugsource-0:0.20.0-2.el8ui.x86_64"
},
"product_reference": "createrepo_c-debugsource-0:0.20.0-2.el8ui.x86_64",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-libs-0:0.20.0-2.el8ui.x86_64 as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:createrepo_c-libs-0:0.20.0-2.el8ui.x86_64"
},
"product_reference": "createrepo_c-libs-0:0.20.0-2.el8ui.x86_64",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-libs-debuginfo-0:0.20.0-2.el8ui.x86_64 as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:createrepo_c-libs-debuginfo-0:0.20.0-2.el8ui.x86_64"
},
"product_reference": "createrepo_c-libs-debuginfo-0:0.20.0-2.el8ui.x86_64",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pulpcore-selinux-0:1.3.0-1.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:pulpcore-selinux-0:1.3.0-1.el8ui.src"
},
"product_reference": "pulpcore-selinux-0:1.3.0-1.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pulpcore-selinux-0:1.3.0-1.el8ui.x86_64 as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:pulpcore-selinux-0:1.3.0-1.el8ui.x86_64"
},
"product_reference": "pulpcore-selinux-0:1.3.0-1.el8ui.x86_64",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-0:3.1.1-2.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-cryptography-0:3.1.1-2.el8ui.src"
},
"product_reference": "python-cryptography-0:3.1.1-2.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:3.1.1-2.el8ui.x86_64 as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-cryptography-debugsource-0:3.1.1-2.el8ui.x86_64"
},
"product_reference": "python-cryptography-debugsource-0:3.1.1-2.el8ui.x86_64",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:3.2.13-2.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-django-0:3.2.13-2.el8ui.src"
},
"product_reference": "python-django-0:3.2.13-2.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ecdsa-0:0.14.1-2.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-ecdsa-0:0.14.1-2.el8ui.src"
},
"product_reference": "python-ecdsa-0:0.14.1-2.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-future-0:0.18.2-5.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-future-0:0.18.2-5.el8ui.src"
},
"product_reference": "python-future-0:0.18.2-5.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-container-0:2.10.3-2.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-pulp-container-0:2.10.3-2.el8ui.src"
},
"product_reference": "python-pulp-container-0:2.10.3-2.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-container-client-0:2.7.1-6.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-pulp-container-client-0:2.7.1-6.el8ui.src"
},
"product_reference": "python-pulp-container-client-0:2.7.1-6.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-rpm-0:3.17.5-2.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-pulp-rpm-0:3.17.5-2.el8ui.src"
},
"product_reference": "python-pulp-rpm-0:3.17.5-2.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulpcore-0:3.17.6-3.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-pulpcore-0:3.17.6-3.el8ui.src"
},
"product_reference": "python-pulpcore-0:3.17.6-3.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyOpenSSL-0:19.1.0-3.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-pyOpenSSL-0:19.1.0-3.el8ui.src"
},
"product_reference": "python-pyOpenSSL-0:19.1.0-3.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycryptodomex-0:3.14.1-2.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-pycryptodomex-0:3.14.1-2.el8ui.src"
},
"product_reference": "python-pycryptodomex-0:3.14.1-2.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycryptodomex-debugsource-0:3.14.1-2.el8ui.x86_64 as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-pycryptodomex-debugsource-0:3.14.1-2.el8ui.x86_64"
},
"product_reference": "python-pycryptodomex-debugsource-0:3.14.1-2.el8ui.x86_64",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyjwkest-0:1.4.2-6.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-pyjwkest-0:1.4.2-6.el8ui.src"
},
"product_reference": "python-pyjwkest-0:1.4.2-6.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyjwt-0:1.7.1-8.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-pyjwt-0:1.7.1-8.el8ui.src"
},
"product_reference": "python-pyjwt-0:1.7.1-8.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-0:2.27.1-2.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-requests-0:2.27.1-2.el8ui.src"
},
"product_reference": "python-requests-0:2.27.1-2.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-url-normalize-0:1.4.3-4.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-url-normalize-0:1.4.3-4.el8ui.src"
},
"product_reference": "python-url-normalize-0:1.4.3-4.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-createrepo_c-0:0.20.0-2.el8ui.x86_64 as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python3-createrepo_c-0:0.20.0-2.el8ui.x86_64"
},
"product_reference": "python3-createrepo_c-0:0.20.0-2.el8ui.x86_64",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64 as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python3-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64"
},
"product_reference": "python3-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pulp-container-client-0:2.7.1-6.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python3-pulp-container-client-0:2.7.1-6.el8ui.noarch"
},
"product_reference": "python3-pulp-container-client-0:2.7.1-6.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-createrepo_c-0:0.20.0-2.el8ui.x86_64 as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-createrepo_c-0:0.20.0-2.el8ui.x86_64"
},
"product_reference": "python38-createrepo_c-0:0.20.0-2.el8ui.x86_64",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64 as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64"
},
"product_reference": "python38-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-cryptography-0:3.1.1-2.el8ui.x86_64 as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-cryptography-0:3.1.1-2.el8ui.x86_64"
},
"product_reference": "python38-cryptography-0:3.1.1-2.el8ui.x86_64",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-cryptography-debuginfo-0:3.1.1-2.el8ui.x86_64 as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-cryptography-debuginfo-0:3.1.1-2.el8ui.x86_64"
},
"product_reference": "python38-cryptography-debuginfo-0:3.1.1-2.el8ui.x86_64",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-django-0:3.2.13-2.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-django-0:3.2.13-2.el8ui.noarch"
},
"product_reference": "python38-django-0:3.2.13-2.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-ecdsa-0:0.14.1-2.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-ecdsa-0:0.14.1-2.el8ui.noarch"
},
"product_reference": "python38-ecdsa-0:0.14.1-2.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-future-0:0.18.2-5.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-future-0:0.18.2-5.el8ui.noarch"
},
"product_reference": "python38-future-0:0.18.2-5.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pulp-container-0:2.10.3-2.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-pulp-container-0:2.10.3-2.el8ui.noarch"
},
"product_reference": "python38-pulp-container-0:2.10.3-2.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pulp-rpm-0:3.17.5-2.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-pulp-rpm-0:3.17.5-2.el8ui.noarch"
},
"product_reference": "python38-pulp-rpm-0:3.17.5-2.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pulpcore-0:3.17.6-3.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-pulpcore-0:3.17.6-3.el8ui.noarch"
},
"product_reference": "python38-pulpcore-0:3.17.6-3.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pyOpenSSL-0:19.1.0-3.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-pyOpenSSL-0:19.1.0-3.el8ui.noarch"
},
"product_reference": "python38-pyOpenSSL-0:19.1.0-3.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pycryptodomex-0:3.14.1-2.el8ui.x86_64 as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-pycryptodomex-0:3.14.1-2.el8ui.x86_64"
},
"product_reference": "python38-pycryptodomex-0:3.14.1-2.el8ui.x86_64",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pycryptodomex-debuginfo-0:3.14.1-2.el8ui.x86_64 as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-pycryptodomex-debuginfo-0:3.14.1-2.el8ui.x86_64"
},
"product_reference": "python38-pycryptodomex-debuginfo-0:3.14.1-2.el8ui.x86_64",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pyjwkest-0:1.4.2-6.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-pyjwkest-0:1.4.2-6.el8ui.noarch"
},
"product_reference": "python38-pyjwkest-0:1.4.2-6.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pyjwt-0:1.7.1-8.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-pyjwt-0:1.7.1-8.el8ui.noarch"
},
"product_reference": "python38-pyjwt-0:1.7.1-8.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-requests-0:2.27.1-2.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-requests-0:2.27.1-2.el8ui.noarch"
},
"product_reference": "python38-requests-0:2.27.1-2.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-url-normalize-0:1.4.3-4.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python38-url-normalize-0:1.4.3-4.el8ui.noarch"
},
"product_reference": "python38-url-normalize-0:1.4.3-4.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.noarch"
},
"product_reference": "rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.src"
},
"product_reference": "rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.noarch"
},
"product_reference": "rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.src"
},
"product_reference": "rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhui-installer-0:4.1.1.8-1.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:rhui-installer-0:4.1.1.8-1.el8ui.noarch"
},
"product_reference": "rhui-installer-0:4.1.1.8-1.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhui-installer-0:4.1.1.8-1.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:rhui-installer-0:4.1.1.8-1.el8ui.src"
},
"product_reference": "rhui-installer-0:4.1.1.8-1.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhui-tools-0:4.1.1.16-1.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:rhui-tools-0:4.1.1.16-1.el8ui.noarch"
},
"product_reference": "rhui-tools-0:4.1.1.16-1.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhui-tools-0:4.1.1.16-1.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:rhui-tools-0:4.1.1.16-1.el8ui.src"
},
"product_reference": "rhui-tools-0:4.1.1.16-1.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhui-tools-libs-0:4.1.1.16-1.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:rhui-tools-libs-0:4.1.1.16-1.el8ui.noarch"
},
"product_reference": "rhui-tools-libs-0:4.1.1.16-1.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-28346",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2022-04-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHUI-4:ansible-collection-community-crypto-0:1.7.0-4.el8ui.noarch",
"8Base-RHUI-4:ansible-collection-community-crypto-0:1.7.0-4.el8ui.src",
"8Base-RHUI-4:createrepo_c-0:0.20.0-2.el8ui.src",
"8Base-RHUI-4:createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:createrepo_c-debugsource-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:createrepo_c-libs-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:createrepo_c-libs-debuginfo-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:pulpcore-selinux-0:1.3.0-1.el8ui.src",
"8Base-RHUI-4:pulpcore-selinux-0:1.3.0-1.el8ui.x86_64",
"8Base-RHUI-4:python-cryptography-0:3.1.1-2.el8ui.src",
"8Base-RHUI-4:python-cryptography-debugsource-0:3.1.1-2.el8ui.x86_64",
"8Base-RHUI-4:python-ecdsa-0:0.14.1-2.el8ui.src",
"8Base-RHUI-4:python-future-0:0.18.2-5.el8ui.src",
"8Base-RHUI-4:python-pulp-container-0:2.10.3-2.el8ui.src",
"8Base-RHUI-4:python-pulp-container-client-0:2.7.1-6.el8ui.src",
"8Base-RHUI-4:python-pulp-rpm-0:3.17.5-2.el8ui.src",
"8Base-RHUI-4:python-pyOpenSSL-0:19.1.0-3.el8ui.src",
"8Base-RHUI-4:python-pycryptodomex-0:3.14.1-2.el8ui.src",
"8Base-RHUI-4:python-pycryptodomex-debugsource-0:3.14.1-2.el8ui.x86_64",
"8Base-RHUI-4:python-pyjwkest-0:1.4.2-6.el8ui.src",
"8Base-RHUI-4:python-pyjwt-0:1.7.1-8.el8ui.src",
"8Base-RHUI-4:python-requests-0:2.27.1-2.el8ui.src",
"8Base-RHUI-4:python-url-normalize-0:1.4.3-4.el8ui.src",
"8Base-RHUI-4:python3-createrepo_c-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:python3-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:python3-pulp-container-client-0:2.7.1-6.el8ui.noarch",
"8Base-RHUI-4:python38-createrepo_c-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:python38-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:python38-cryptography-0:3.1.1-2.el8ui.x86_64",
"8Base-RHUI-4:python38-cryptography-debuginfo-0:3.1.1-2.el8ui.x86_64",
"8Base-RHUI-4:python38-django-0:3.2.13-2.el8ui.noarch",
"8Base-RHUI-4:python38-ecdsa-0:0.14.1-2.el8ui.noarch",
"8Base-RHUI-4:python38-future-0:0.18.2-5.el8ui.noarch",
"8Base-RHUI-4:python38-pulp-container-0:2.10.3-2.el8ui.noarch",
"8Base-RHUI-4:python38-pulp-rpm-0:3.17.5-2.el8ui.noarch",
"8Base-RHUI-4:python38-pulpcore-0:3.17.6-3.el8ui.noarch",
"8Base-RHUI-4:python38-pyOpenSSL-0:19.1.0-3.el8ui.noarch",
"8Base-RHUI-4:python38-pycryptodomex-0:3.14.1-2.el8ui.x86_64",
"8Base-RHUI-4:python38-pycryptodomex-debuginfo-0:3.14.1-2.el8ui.x86_64",
"8Base-RHUI-4:python38-pyjwkest-0:1.4.2-6.el8ui.noarch",
"8Base-RHUI-4:python38-pyjwt-0:1.7.1-8.el8ui.noarch",
"8Base-RHUI-4:python38-requests-0:2.27.1-2.el8ui.noarch",
"8Base-RHUI-4:python38-url-normalize-0:1.4.3-4.el8ui.noarch",
"8Base-RHUI-4:rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.noarch",
"8Base-RHUI-4:rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.src",
"8Base-RHUI-4:rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.noarch",
"8Base-RHUI-4:rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.src",
"8Base-RHUI-4:rhui-installer-0:4.1.1.8-1.el8ui.noarch",
"8Base-RHUI-4:rhui-installer-0:4.1.1.8-1.el8ui.src",
"8Base-RHUI-4:rhui-tools-0:4.1.1.16-1.el8ui.noarch",
"8Base-RHUI-4:rhui-tools-0:4.1.1.16-1.el8ui.src",
"8Base-RHUI-4:rhui-tools-libs-0:4.1.1.16-1.el8ui.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072447"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: SQL injection in QuerySet.annotate(),aggregate() and extra()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack does ship the affected version of Django, however, vulnerability is not exposed in the product as it does not make use of vulnerable code. We may update Django in a future release of OpenStack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHUI-4:python-django-0:3.2.13-2.el8ui.src",
"8Base-RHUI-4:python-pulpcore-0:3.17.6-3.el8ui.src"
],
"known_not_affected": [
"8Base-RHUI-4:ansible-collection-community-crypto-0:1.7.0-4.el8ui.noarch",
"8Base-RHUI-4:ansible-collection-community-crypto-0:1.7.0-4.el8ui.src",
"8Base-RHUI-4:createrepo_c-0:0.20.0-2.el8ui.src",
"8Base-RHUI-4:createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:createrepo_c-debugsource-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:createrepo_c-libs-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:createrepo_c-libs-debuginfo-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:pulpcore-selinux-0:1.3.0-1.el8ui.src",
"8Base-RHUI-4:pulpcore-selinux-0:1.3.0-1.el8ui.x86_64",
"8Base-RHUI-4:python-cryptography-0:3.1.1-2.el8ui.src",
"8Base-RHUI-4:python-cryptography-debugsource-0:3.1.1-2.el8ui.x86_64",
"8Base-RHUI-4:python-ecdsa-0:0.14.1-2.el8ui.src",
"8Base-RHUI-4:python-future-0:0.18.2-5.el8ui.src",
"8Base-RHUI-4:python-pulp-container-0:2.10.3-2.el8ui.src",
"8Base-RHUI-4:python-pulp-container-client-0:2.7.1-6.el8ui.src",
"8Base-RHUI-4:python-pulp-rpm-0:3.17.5-2.el8ui.src",
"8Base-RHUI-4:python-pyOpenSSL-0:19.1.0-3.el8ui.src",
"8Base-RHUI-4:python-pycryptodomex-0:3.14.1-2.el8ui.src",
"8Base-RHUI-4:python-pycryptodomex-debugsource-0:3.14.1-2.el8ui.x86_64",
"8Base-RHUI-4:python-pyjwkest-0:1.4.2-6.el8ui.src",
"8Base-RHUI-4:python-pyjwt-0:1.7.1-8.el8ui.src",
"8Base-RHUI-4:python-requests-0:2.27.1-2.el8ui.src",
"8Base-RHUI-4:python-url-normalize-0:1.4.3-4.el8ui.src",
"8Base-RHUI-4:python3-createrepo_c-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:python3-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:python3-pulp-container-client-0:2.7.1-6.el8ui.noarch",
"8Base-RHUI-4:python38-createrepo_c-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:python38-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:python38-cryptography-0:3.1.1-2.el8ui.x86_64",
"8Base-RHUI-4:python38-cryptography-debuginfo-0:3.1.1-2.el8ui.x86_64",
"8Base-RHUI-4:python38-django-0:3.2.13-2.el8ui.noarch",
"8Base-RHUI-4:python38-ecdsa-0:0.14.1-2.el8ui.noarch",
"8Base-RHUI-4:python38-future-0:0.18.2-5.el8ui.noarch",
"8Base-RHUI-4:python38-pulp-container-0:2.10.3-2.el8ui.noarch",
"8Base-RHUI-4:python38-pulp-rpm-0:3.17.5-2.el8ui.noarch",
"8Base-RHUI-4:python38-pulpcore-0:3.17.6-3.el8ui.noarch",
"8Base-RHUI-4:python38-pyOpenSSL-0:19.1.0-3.el8ui.noarch",
"8Base-RHUI-4:python38-pycryptodomex-0:3.14.1-2.el8ui.x86_64",
"8Base-RHUI-4:python38-pycryptodomex-debuginfo-0:3.14.1-2.el8ui.x86_64",
"8Base-RHUI-4:python38-pyjwkest-0:1.4.2-6.el8ui.noarch",
"8Base-RHUI-4:python38-pyjwt-0:1.7.1-8.el8ui.noarch",
"8Base-RHUI-4:python38-requests-0:2.27.1-2.el8ui.noarch",
"8Base-RHUI-4:python38-url-normalize-0:1.4.3-4.el8ui.noarch",
"8Base-RHUI-4:rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.noarch",
"8Base-RHUI-4:rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.src",
"8Base-RHUI-4:rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.noarch",
"8Base-RHUI-4:rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.src",
"8Base-RHUI-4:rhui-installer-0:4.1.1.8-1.el8ui.noarch",
"8Base-RHUI-4:rhui-installer-0:4.1.1.8-1.el8ui.src",
"8Base-RHUI-4:rhui-tools-0:4.1.1.16-1.el8ui.noarch",
"8Base-RHUI-4:rhui-tools-0:4.1.1.16-1.el8ui.src",
"8Base-RHUI-4:rhui-tools-libs-0:4.1.1.16-1.el8ui.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28346"
},
{
"category": "external",
"summary": "RHBZ#2072447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28346",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28346"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28346",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28346"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/",
"url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"
}
],
"release_date": "2022-04-11T08:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-07-19T13:06:09+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor detailed instructions on how to apply this update, see:\nhttps://access.redhat.com/documentation/en-us/red_hat_update_infrastructure/4/html/migrating_red_hat_update_infrastructure/assembly_upgrading-red-hat-update-infrastructure_migrating-red-hat-update-infrastructure\n\nFor other information, consult the product documentation at:\nhttps://access.redhat.com/documentation/en-us/red_hat_update_infrastructure/4",
"product_ids": [
"8Base-RHUI-4:python-django-0:3.2.13-2.el8ui.src",
"8Base-RHUI-4:python-pulpcore-0:3.17.6-3.el8ui.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5602"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHUI-4:python-django-0:3.2.13-2.el8ui.src",
"8Base-RHUI-4:python-pulpcore-0:3.17.6-3.el8ui.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: SQL injection in QuerySet.annotate(),aggregate() and extra()"
},
{
"cve": "CVE-2022-28347",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2022-04-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHUI-4:ansible-collection-community-crypto-0:1.7.0-4.el8ui.noarch",
"8Base-RHUI-4:ansible-collection-community-crypto-0:1.7.0-4.el8ui.src",
"8Base-RHUI-4:createrepo_c-0:0.20.0-2.el8ui.src",
"8Base-RHUI-4:createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:createrepo_c-debugsource-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:createrepo_c-libs-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:createrepo_c-libs-debuginfo-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:pulpcore-selinux-0:1.3.0-1.el8ui.src",
"8Base-RHUI-4:pulpcore-selinux-0:1.3.0-1.el8ui.x86_64",
"8Base-RHUI-4:python-cryptography-0:3.1.1-2.el8ui.src",
"8Base-RHUI-4:python-cryptography-debugsource-0:3.1.1-2.el8ui.x86_64",
"8Base-RHUI-4:python-ecdsa-0:0.14.1-2.el8ui.src",
"8Base-RHUI-4:python-future-0:0.18.2-5.el8ui.src",
"8Base-RHUI-4:python-pulp-container-0:2.10.3-2.el8ui.src",
"8Base-RHUI-4:python-pulp-container-client-0:2.7.1-6.el8ui.src",
"8Base-RHUI-4:python-pulp-rpm-0:3.17.5-2.el8ui.src",
"8Base-RHUI-4:python-pyOpenSSL-0:19.1.0-3.el8ui.src",
"8Base-RHUI-4:python-pycryptodomex-0:3.14.1-2.el8ui.src",
"8Base-RHUI-4:python-pycryptodomex-debugsource-0:3.14.1-2.el8ui.x86_64",
"8Base-RHUI-4:python-pyjwkest-0:1.4.2-6.el8ui.src",
"8Base-RHUI-4:python-pyjwt-0:1.7.1-8.el8ui.src",
"8Base-RHUI-4:python-requests-0:2.27.1-2.el8ui.src",
"8Base-RHUI-4:python-url-normalize-0:1.4.3-4.el8ui.src",
"8Base-RHUI-4:python3-createrepo_c-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:python3-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:python3-pulp-container-client-0:2.7.1-6.el8ui.noarch",
"8Base-RHUI-4:python38-createrepo_c-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:python38-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:python38-cryptography-0:3.1.1-2.el8ui.x86_64",
"8Base-RHUI-4:python38-cryptography-debuginfo-0:3.1.1-2.el8ui.x86_64",
"8Base-RHUI-4:python38-django-0:3.2.13-2.el8ui.noarch",
"8Base-RHUI-4:python38-ecdsa-0:0.14.1-2.el8ui.noarch",
"8Base-RHUI-4:python38-future-0:0.18.2-5.el8ui.noarch",
"8Base-RHUI-4:python38-pulp-container-0:2.10.3-2.el8ui.noarch",
"8Base-RHUI-4:python38-pulp-rpm-0:3.17.5-2.el8ui.noarch",
"8Base-RHUI-4:python38-pyOpenSSL-0:19.1.0-3.el8ui.noarch",
"8Base-RHUI-4:python38-pycryptodomex-0:3.14.1-2.el8ui.x86_64",
"8Base-RHUI-4:python38-pycryptodomex-debuginfo-0:3.14.1-2.el8ui.x86_64",
"8Base-RHUI-4:python38-pyjwkest-0:1.4.2-6.el8ui.noarch",
"8Base-RHUI-4:python38-pyjwt-0:1.7.1-8.el8ui.noarch",
"8Base-RHUI-4:python38-requests-0:2.27.1-2.el8ui.noarch",
"8Base-RHUI-4:python38-url-normalize-0:1.4.3-4.el8ui.noarch",
"8Base-RHUI-4:rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.noarch",
"8Base-RHUI-4:rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.src",
"8Base-RHUI-4:rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.noarch",
"8Base-RHUI-4:rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.src",
"8Base-RHUI-4:rhui-installer-0:4.1.1.8-1.el8ui.noarch",
"8Base-RHUI-4:rhui-installer-0:4.1.1.8-1.el8ui.src",
"8Base-RHUI-4:rhui-tools-0:4.1.1.16-1.el8ui.noarch",
"8Base-RHUI-4:rhui-tools-0:4.1.1.16-1.el8ui.src",
"8Base-RHUI-4:rhui-tools-libs-0:4.1.1.16-1.el8ui.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072459"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Django package, leading to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: SQL injection via QuerySet.explain(options) on PostgreSQL",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack does ship the affected version of Django. However, the product is not vulnerable since it does not implement the vulnerable method QuerySet.explain() introduced in Django 2.1.x onward.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHUI-4:python-django-0:3.2.13-2.el8ui.src",
"8Base-RHUI-4:python-pulpcore-0:3.17.6-3.el8ui.src",
"8Base-RHUI-4:python38-pulpcore-0:3.17.6-3.el8ui.noarch"
],
"known_not_affected": [
"8Base-RHUI-4:ansible-collection-community-crypto-0:1.7.0-4.el8ui.noarch",
"8Base-RHUI-4:ansible-collection-community-crypto-0:1.7.0-4.el8ui.src",
"8Base-RHUI-4:createrepo_c-0:0.20.0-2.el8ui.src",
"8Base-RHUI-4:createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:createrepo_c-debugsource-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:createrepo_c-libs-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:createrepo_c-libs-debuginfo-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:pulpcore-selinux-0:1.3.0-1.el8ui.src",
"8Base-RHUI-4:pulpcore-selinux-0:1.3.0-1.el8ui.x86_64",
"8Base-RHUI-4:python-cryptography-0:3.1.1-2.el8ui.src",
"8Base-RHUI-4:python-cryptography-debugsource-0:3.1.1-2.el8ui.x86_64",
"8Base-RHUI-4:python-ecdsa-0:0.14.1-2.el8ui.src",
"8Base-RHUI-4:python-future-0:0.18.2-5.el8ui.src",
"8Base-RHUI-4:python-pulp-container-0:2.10.3-2.el8ui.src",
"8Base-RHUI-4:python-pulp-container-client-0:2.7.1-6.el8ui.src",
"8Base-RHUI-4:python-pulp-rpm-0:3.17.5-2.el8ui.src",
"8Base-RHUI-4:python-pyOpenSSL-0:19.1.0-3.el8ui.src",
"8Base-RHUI-4:python-pycryptodomex-0:3.14.1-2.el8ui.src",
"8Base-RHUI-4:python-pycryptodomex-debugsource-0:3.14.1-2.el8ui.x86_64",
"8Base-RHUI-4:python-pyjwkest-0:1.4.2-6.el8ui.src",
"8Base-RHUI-4:python-pyjwt-0:1.7.1-8.el8ui.src",
"8Base-RHUI-4:python-requests-0:2.27.1-2.el8ui.src",
"8Base-RHUI-4:python-url-normalize-0:1.4.3-4.el8ui.src",
"8Base-RHUI-4:python3-createrepo_c-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:python3-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:python3-pulp-container-client-0:2.7.1-6.el8ui.noarch",
"8Base-RHUI-4:python38-createrepo_c-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:python38-createrepo_c-debuginfo-0:0.20.0-2.el8ui.x86_64",
"8Base-RHUI-4:python38-cryptography-0:3.1.1-2.el8ui.x86_64",
"8Base-RHUI-4:python38-cryptography-debuginfo-0:3.1.1-2.el8ui.x86_64",
"8Base-RHUI-4:python38-django-0:3.2.13-2.el8ui.noarch",
"8Base-RHUI-4:python38-ecdsa-0:0.14.1-2.el8ui.noarch",
"8Base-RHUI-4:python38-future-0:0.18.2-5.el8ui.noarch",
"8Base-RHUI-4:python38-pulp-container-0:2.10.3-2.el8ui.noarch",
"8Base-RHUI-4:python38-pulp-rpm-0:3.17.5-2.el8ui.noarch",
"8Base-RHUI-4:python38-pyOpenSSL-0:19.1.0-3.el8ui.noarch",
"8Base-RHUI-4:python38-pycryptodomex-0:3.14.1-2.el8ui.x86_64",
"8Base-RHUI-4:python38-pycryptodomex-debuginfo-0:3.14.1-2.el8ui.x86_64",
"8Base-RHUI-4:python38-pyjwkest-0:1.4.2-6.el8ui.noarch",
"8Base-RHUI-4:python38-pyjwt-0:1.7.1-8.el8ui.noarch",
"8Base-RHUI-4:python38-requests-0:2.27.1-2.el8ui.noarch",
"8Base-RHUI-4:python38-url-normalize-0:1.4.3-4.el8ui.noarch",
"8Base-RHUI-4:rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.noarch",
"8Base-RHUI-4:rhui-cds-plugin-authorizer-cert-0:1.0.5-1.el8ui.src",
"8Base-RHUI-4:rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.noarch",
"8Base-RHUI-4:rhui-cds-plugin-fetcher-0:1.0.5-1.el8ui.src",
"8Base-RHUI-4:rhui-installer-0:4.1.1.8-1.el8ui.noarch",
"8Base-RHUI-4:rhui-installer-0:4.1.1.8-1.el8ui.src",
"8Base-RHUI-4:rhui-tools-0:4.1.1.16-1.el8ui.noarch",
"8Base-RHUI-4:rhui-tools-0:4.1.1.16-1.el8ui.src",
"8Base-RHUI-4:rhui-tools-libs-0:4.1.1.16-1.el8ui.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28347"
},
{
"category": "external",
"summary": "RHBZ#2072459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072459"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28347",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28347"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28347",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28347"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/",
"url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"
}
],
"release_date": "2022-04-11T08:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-07-19T13:06:09+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor detailed instructions on how to apply this update, see:\nhttps://access.redhat.com/documentation/en-us/red_hat_update_infrastructure/4/html/migrating_red_hat_update_infrastructure/assembly_upgrading-red-hat-update-infrastructure_migrating-red-hat-update-infrastructure\n\nFor other information, consult the product documentation at:\nhttps://access.redhat.com/documentation/en-us/red_hat_update_infrastructure/4",
"product_ids": [
"8Base-RHUI-4:python-django-0:3.2.13-2.el8ui.src",
"8Base-RHUI-4:python-pulpcore-0:3.17.6-3.el8ui.src",
"8Base-RHUI-4:python38-pulpcore-0:3.17.6-3.el8ui.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5602"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHUI-4:python-django-0:3.2.13-2.el8ui.src",
"8Base-RHUI-4:python-pulpcore-0:3.17.6-3.el8ui.src",
"8Base-RHUI-4:python38-pulpcore-0:3.17.6-3.el8ui.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: SQL injection via QuerySet.explain(options) on PostgreSQL"
}
]
}
RHSA-2022_5702
Vulnerability from csaf_redhat - Published: 2022-07-25 18:33 - Updated: 2024-11-22 19:37Summary
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.1.2 security and bug fix update
Severity
Important
Notes
Topic: An update is now available for Red Hat Ansible Automation Platform 2.1
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.
Security Fix(es):
* automation-controller: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() (CVE-2022-28346)
* automation-controller: Django: SQL injection via QuerySet.explain(options) on PostgreSQL (CVE-2022-28347)
* python-django: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() (CVE-2022-28346)
* python-django: Django: SQL injection via QuerySet.explain(options) on PostgreSQL (CVE-2022-28347)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.
9.4 (Critical)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:automation-controller-cli-0:4.1.2-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:automation-controller-server-0:4.1.2-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:automation-controller-ui-0:4.1.2-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:automation-controller-venv-tower-0:4.1.2-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python-django-0:3.2.13-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python38-django-0:3.2.13-1.el8pc.noarch | — |
Vendor Fix
fix
|
Known not affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:pulpcore-selinux-0:1.3.1-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:pulpcore-selinux-0:1.3.1-1.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python-jinja2-0:3.0.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python-markupsafe-0:2.0.1-2.el8pc.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python-markupsafe-debugsource-0:2.0.1-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python-naya-0:1.1.1-1.el8pc.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python-pulpcore-0:3.15.9-2.el8pc.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python3-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python38-jinja2-0:3.0.3-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python38-markupsafe-0:2.0.1-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python38-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python38-naya-0:1.1.1-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python38-pulpcore-0:3.15.9-2.el8pc.noarch | — |
Threats
Impact
Important
A flaw was found in the Django package, leading to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.
9.4 (Critical)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:automation-controller-cli-0:4.1.2-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:automation-controller-server-0:4.1.2-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:automation-controller-ui-0:4.1.2-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:automation-controller-venv-tower-0:4.1.2-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python-django-0:3.2.13-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python38-django-0:3.2.13-1.el8pc.noarch | — |
Vendor Fix
fix
|
Known not affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:pulpcore-selinux-0:1.3.1-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:pulpcore-selinux-0:1.3.1-1.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python-jinja2-0:3.0.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python-markupsafe-0:2.0.1-2.el8pc.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python-markupsafe-debugsource-0:2.0.1-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python-naya-0:1.1.1-1.el8pc.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python-pulpcore-0:3.15.9-2.el8pc.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python3-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python38-jinja2-0:3.0.3-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python38-markupsafe-0:2.0.1-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python38-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python38-naya-0:1.1.1-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.1:python38-pulpcore-0:3.15.9-2.el8pc.noarch | — |
Threats
Impact
Important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Ansible Automation Platform 2.1\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.\n\nSecurity Fix(es):\n\n* automation-controller: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() (CVE-2022-28346)\n\n* automation-controller: Django: SQL injection via QuerySet.explain(options) on PostgreSQL (CVE-2022-28347)\n\n* python-django: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() (CVE-2022-28346)\n\n* python-django: Django: SQL injection via QuerySet.explain(options) on PostgreSQL (CVE-2022-28347)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:5702",
"url": "https://access.redhat.com/errata/RHSA-2022:5702"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2072447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072447"
},
{
"category": "external",
"summary": "2072459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072459"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5702.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.1.2 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T19:37:17+00:00",
"generator": {
"date": "2024-11-22T19:37:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:5702",
"initial_release_date": "2022-07-25T18:33:26+00:00",
"revision_history": [
{
"date": "2022-07-25T18:33:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-07-25T18:33:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T19:37:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product": {
"name": "Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "python-django-0:3.2.13-1.el8pc.src",
"product": {
"name": "python-django-0:3.2.13-1.el8pc.src",
"product_id": "python-django-0:3.2.13-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django@3.2.13-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-naya-0:1.1.1-1.el8pc.src",
"product": {
"name": "python-naya-0:1.1.1-1.el8pc.src",
"product_id": "python-naya-0:1.1.1-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-naya@1.1.1-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.1.2-2.el8ap.src",
"product": {
"name": "automation-controller-0:4.1.2-2.el8ap.src",
"product_id": "automation-controller-0:4.1.2-2.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.1.2-2.el8ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulpcore-0:3.15.9-2.el8pc.src",
"product": {
"name": "python-pulpcore-0:3.15.9-2.el8pc.src",
"product_id": "python-pulpcore-0:3.15.9-2.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulpcore@3.15.9-2.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-markupsafe-0:2.0.1-2.el8pc.src",
"product": {
"name": "python-markupsafe-0:2.0.1-2.el8pc.src",
"product_id": "python-markupsafe-0:2.0.1-2.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-markupsafe@2.0.1-2.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-jinja2-0:3.0.3-1.el8pc.src",
"product": {
"name": "python-jinja2-0:3.0.3-1.el8pc.src",
"product_id": "python-jinja2-0:3.0.3-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-jinja2@3.0.3-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "pulpcore-selinux-0:1.3.1-1.el8ap.src",
"product": {
"name": "pulpcore-selinux-0:1.3.1-1.el8ap.src",
"product_id": "pulpcore-selinux-0:1.3.1-1.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pulpcore-selinux@1.3.1-1.el8ap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python38-django-0:3.2.13-1.el8pc.noarch",
"product": {
"name": "python38-django-0:3.2.13-1.el8pc.noarch",
"product_id": "python38-django-0:3.2.13-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-django@3.2.13-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-naya-0:1.1.1-1.el8pc.noarch",
"product": {
"name": "python38-naya-0:1.1.1-1.el8pc.noarch",
"product_id": "python38-naya-0:1.1.1-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-naya@1.1.1-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-pulpcore-0:3.15.9-2.el8pc.noarch",
"product": {
"name": "python38-pulpcore-0:3.15.9-2.el8pc.noarch",
"product_id": "python38-pulpcore-0:3.15.9-2.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-pulpcore@3.15.9-2.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-jinja2-0:3.0.3-1.el8pc.noarch",
"product": {
"name": "python38-jinja2-0:3.0.3-1.el8pc.noarch",
"product_id": "python38-jinja2-0:3.0.3-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-jinja2@3.0.3-1.el8pc?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "automation-controller-0:4.1.2-2.el8ap.x86_64",
"product": {
"name": "automation-controller-0:4.1.2-2.el8ap.x86_64",
"product_id": "automation-controller-0:4.1.2-2.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.1.2-2.el8ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-cli-0:4.1.2-2.el8ap.x86_64",
"product": {
"name": "automation-controller-cli-0:4.1.2-2.el8ap.x86_64",
"product_id": "automation-controller-cli-0:4.1.2-2.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-cli@4.1.2-2.el8ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-server-0:4.1.2-2.el8ap.x86_64",
"product": {
"name": "automation-controller-server-0:4.1.2-2.el8ap.x86_64",
"product_id": "automation-controller-server-0:4.1.2-2.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-server@4.1.2-2.el8ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-ui-0:4.1.2-2.el8ap.x86_64",
"product": {
"name": "automation-controller-ui-0:4.1.2-2.el8ap.x86_64",
"product_id": "automation-controller-ui-0:4.1.2-2.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-ui@4.1.2-2.el8ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.1.2-2.el8ap.x86_64",
"product": {
"name": "automation-controller-venv-tower-0:4.1.2-2.el8ap.x86_64",
"product_id": "automation-controller-venv-tower-0:4.1.2-2.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.1.2-2.el8ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python38-markupsafe-0:2.0.1-2.el8pc.x86_64",
"product": {
"name": "python38-markupsafe-0:2.0.1-2.el8pc.x86_64",
"product_id": "python38-markupsafe-0:2.0.1-2.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-markupsafe@2.0.1-2.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-markupsafe-debugsource-0:2.0.1-2.el8pc.x86_64",
"product": {
"name": "python-markupsafe-debugsource-0:2.0.1-2.el8pc.x86_64",
"product_id": "python-markupsafe-debugsource-0:2.0.1-2.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-markupsafe-debugsource@2.0.1-2.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"product": {
"name": "python-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"product_id": "python-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-markupsafe-debuginfo@2.0.1-2.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"product": {
"name": "python3-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"product_id": "python3-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-markupsafe-debuginfo@2.0.1-2.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python38-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"product": {
"name": "python38-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"product_id": "python38-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-markupsafe-debuginfo@2.0.1-2.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pulpcore-selinux-0:1.3.1-1.el8ap.x86_64",
"product": {
"name": "pulpcore-selinux-0:1.3.1-1.el8ap.x86_64",
"product_id": "pulpcore-selinux-0:1.3.1-1.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pulpcore-selinux@1.3.1-1.el8ap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.1.2-2.el8ap.src as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.src"
},
"product_reference": "automation-controller-0:4.1.2-2.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.1.2-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.x86_64"
},
"product_reference": "automation-controller-0:4.1.2-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-cli-0:4.1.2-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:automation-controller-cli-0:4.1.2-2.el8ap.x86_64"
},
"product_reference": "automation-controller-cli-0:4.1.2-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-server-0:4.1.2-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:automation-controller-server-0:4.1.2-2.el8ap.x86_64"
},
"product_reference": "automation-controller-server-0:4.1.2-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-ui-0:4.1.2-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:automation-controller-ui-0:4.1.2-2.el8ap.x86_64"
},
"product_reference": "automation-controller-ui-0:4.1.2-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.1.2-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:automation-controller-venv-tower-0:4.1.2-2.el8ap.x86_64"
},
"product_reference": "automation-controller-venv-tower-0:4.1.2-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pulpcore-selinux-0:1.3.1-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:pulpcore-selinux-0:1.3.1-1.el8ap.src"
},
"product_reference": "pulpcore-selinux-0:1.3.1-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pulpcore-selinux-0:1.3.1-1.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:pulpcore-selinux-0:1.3.1-1.el8ap.x86_64"
},
"product_reference": "pulpcore-selinux-0:1.3.1-1.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:3.2.13-1.el8pc.src as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:python-django-0:3.2.13-1.el8pc.src"
},
"product_reference": "python-django-0:3.2.13-1.el8pc.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-jinja2-0:3.0.3-1.el8pc.src as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:python-jinja2-0:3.0.3-1.el8pc.src"
},
"product_reference": "python-jinja2-0:3.0.3-1.el8pc.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-markupsafe-0:2.0.1-2.el8pc.src as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:python-markupsafe-0:2.0.1-2.el8pc.src"
},
"product_reference": "python-markupsafe-0:2.0.1-2.el8pc.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64 as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:python-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64"
},
"product_reference": "python-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-markupsafe-debugsource-0:2.0.1-2.el8pc.x86_64 as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:python-markupsafe-debugsource-0:2.0.1-2.el8pc.x86_64"
},
"product_reference": "python-markupsafe-debugsource-0:2.0.1-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-naya-0:1.1.1-1.el8pc.src as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:python-naya-0:1.1.1-1.el8pc.src"
},
"product_reference": "python-naya-0:1.1.1-1.el8pc.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulpcore-0:3.15.9-2.el8pc.src as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:python-pulpcore-0:3.15.9-2.el8pc.src"
},
"product_reference": "python-pulpcore-0:3.15.9-2.el8pc.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64 as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:python3-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64"
},
"product_reference": "python3-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-django-0:3.2.13-1.el8pc.noarch as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:python38-django-0:3.2.13-1.el8pc.noarch"
},
"product_reference": "python38-django-0:3.2.13-1.el8pc.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-jinja2-0:3.0.3-1.el8pc.noarch as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:python38-jinja2-0:3.0.3-1.el8pc.noarch"
},
"product_reference": "python38-jinja2-0:3.0.3-1.el8pc.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-markupsafe-0:2.0.1-2.el8pc.x86_64 as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:python38-markupsafe-0:2.0.1-2.el8pc.x86_64"
},
"product_reference": "python38-markupsafe-0:2.0.1-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64 as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:python38-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64"
},
"product_reference": "python38-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-naya-0:1.1.1-1.el8pc.noarch as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:python38-naya-0:1.1.1-1.el8pc.noarch"
},
"product_reference": "python38-naya-0:1.1.1-1.el8pc.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pulpcore-0:3.15.9-2.el8pc.noarch as a component of Red Hat Ansible Automation Platform 2.1 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.1:python38-pulpcore-0:3.15.9-2.el8pc.noarch"
},
"product_reference": "python38-pulpcore-0:3.15.9-2.el8pc.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-28346",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2022-04-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.1:pulpcore-selinux-0:1.3.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.1:pulpcore-selinux-0:1.3.1-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-jinja2-0:3.0.3-1.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python-markupsafe-0:2.0.1-2.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-markupsafe-debugsource-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-naya-0:1.1.1-1.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python-pulpcore-0:3.15.9-2.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python3-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python38-jinja2-0:3.0.3-1.el8pc.noarch",
"8Base-Ansible-Automation-Platform-2.1:python38-markupsafe-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python38-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python38-naya-0:1.1.1-1.el8pc.noarch",
"8Base-Ansible-Automation-Platform-2.1:python38-pulpcore-0:3.15.9-2.el8pc.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072447"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: SQL injection in QuerySet.annotate(),aggregate() and extra()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack does ship the affected version of Django, however, vulnerability is not exposed in the product as it does not make use of vulnerable code. We may update Django in a future release of OpenStack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-cli-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-server-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-ui-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-venv-tower-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-django-0:3.2.13-1.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python38-django-0:3.2.13-1.el8pc.noarch"
],
"known_not_affected": [
"8Base-Ansible-Automation-Platform-2.1:pulpcore-selinux-0:1.3.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.1:pulpcore-selinux-0:1.3.1-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-jinja2-0:3.0.3-1.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python-markupsafe-0:2.0.1-2.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-markupsafe-debugsource-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-naya-0:1.1.1-1.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python-pulpcore-0:3.15.9-2.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python3-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python38-jinja2-0:3.0.3-1.el8pc.noarch",
"8Base-Ansible-Automation-Platform-2.1:python38-markupsafe-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python38-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python38-naya-0:1.1.1-1.el8pc.noarch",
"8Base-Ansible-Automation-Platform-2.1:python38-pulpcore-0:3.15.9-2.el8pc.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28346"
},
{
"category": "external",
"summary": "RHBZ#2072447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28346",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28346"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28346",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28346"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/",
"url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"
}
],
"release_date": "2022-04-11T08:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-07-25T18:33:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-cli-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-server-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-ui-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-venv-tower-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-django-0:3.2.13-1.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python38-django-0:3.2.13-1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5702"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-cli-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-server-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-ui-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-venv-tower-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-django-0:3.2.13-1.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python38-django-0:3.2.13-1.el8pc.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: SQL injection in QuerySet.annotate(),aggregate() and extra()"
},
{
"cve": "CVE-2022-28347",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2022-04-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.1:pulpcore-selinux-0:1.3.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.1:pulpcore-selinux-0:1.3.1-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-jinja2-0:3.0.3-1.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python-markupsafe-0:2.0.1-2.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-markupsafe-debugsource-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-naya-0:1.1.1-1.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python-pulpcore-0:3.15.9-2.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python3-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python38-jinja2-0:3.0.3-1.el8pc.noarch",
"8Base-Ansible-Automation-Platform-2.1:python38-markupsafe-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python38-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python38-naya-0:1.1.1-1.el8pc.noarch",
"8Base-Ansible-Automation-Platform-2.1:python38-pulpcore-0:3.15.9-2.el8pc.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072459"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Django package, leading to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: SQL injection via QuerySet.explain(options) on PostgreSQL",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack does ship the affected version of Django. However, the product is not vulnerable since it does not implement the vulnerable method QuerySet.explain() introduced in Django 2.1.x onward.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-cli-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-server-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-ui-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-venv-tower-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-django-0:3.2.13-1.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python38-django-0:3.2.13-1.el8pc.noarch"
],
"known_not_affected": [
"8Base-Ansible-Automation-Platform-2.1:pulpcore-selinux-0:1.3.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.1:pulpcore-selinux-0:1.3.1-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-jinja2-0:3.0.3-1.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python-markupsafe-0:2.0.1-2.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-markupsafe-debugsource-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-naya-0:1.1.1-1.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python-pulpcore-0:3.15.9-2.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python3-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python38-jinja2-0:3.0.3-1.el8pc.noarch",
"8Base-Ansible-Automation-Platform-2.1:python38-markupsafe-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python38-markupsafe-debuginfo-0:2.0.1-2.el8pc.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python38-naya-0:1.1.1-1.el8pc.noarch",
"8Base-Ansible-Automation-Platform-2.1:python38-pulpcore-0:3.15.9-2.el8pc.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28347"
},
{
"category": "external",
"summary": "RHBZ#2072459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072459"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28347",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28347"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28347",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28347"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/",
"url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"
}
],
"release_date": "2022-04-11T08:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-07-25T18:33:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-cli-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-server-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-ui-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-venv-tower-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-django-0:3.2.13-1.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python38-django-0:3.2.13-1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5702"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-cli-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-server-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-ui-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:automation-controller-venv-tower-0:4.1.2-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.1:python-django-0:3.2.13-1.el8pc.src",
"8Base-Ansible-Automation-Platform-2.1:python38-django-0:3.2.13-1.el8pc.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: SQL injection via QuerySet.explain(options) on PostgreSQL"
}
]
}
RHSA-2022_5703
Vulnerability from csaf_redhat - Published: 2022-07-25 19:53 - Updated: 2024-11-22 19:37Summary
Red Hat Security Advisory: Red Hat Ansible Automation Platform 1.2 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat Ansible Automation Platform 1.2
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Ansible Automation Platform integrates Red Hat’s automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine, and use-case specific capabilities for Microsoft Windows,network, security, and more, along with Software-as-a-Service (SaaS)-based capabilities and features for organization-wide effectiveness.
Security Fix(es):
* python3-django: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() (CVE-2022-28346)
* python3-django: Django: SQL injection via QuerySet.explain(options) on PostgreSQL (CVE-2022-28347)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.
9.4 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the Django package, leading to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.
9.4 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Ansible Automation Platform 1.2\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ansible Automation Platform integrates Red Hat\u2019s automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine, and use-case specific capabilities for Microsoft Windows,network, security, and more, along with Software-as-a-Service (SaaS)-based capabilities and features for organization-wide effectiveness.\n\nSecurity Fix(es):\n\n* python3-django: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() (CVE-2022-28346)\n\n* python3-django: Django: SQL injection via QuerySet.explain(options) on PostgreSQL (CVE-2022-28347)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:5703",
"url": "https://access.redhat.com/errata/RHSA-2022:5703"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2072447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072447"
},
{
"category": "external",
"summary": "2072459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072459"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5703.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Automation Platform 1.2 security update",
"tracking": {
"current_release_date": "2024-11-22T19:37:10+00:00",
"generator": {
"date": "2024-11-22T19:37:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:5703",
"initial_release_date": "2022-07-25T19:53:29+00:00",
"revision_history": [
{
"date": "2022-07-25T19:53:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-07-25T19:53:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T19:37:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Automation Hub 4.2 for RHEL 8",
"product": {
"name": "Red Hat Automation Hub 4.2 for RHEL 8",
"product_id": "8Base-Automation-Hub-4.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:4.2::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Automation Hub 4.2 for RHEL 7",
"product": {
"name": "Red Hat Automation Hub 4.2 for RHEL 7",
"product_id": "7Server-Automation-Hub-4.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:4.2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-django-0:2.2.28-1.el8pc.src",
"product": {
"name": "python3-django-0:2.2.28-1.el8pc.src",
"product_id": "python3-django-0:2.2.28-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-django@2.2.28-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3-django-0:2.2.28-1.el7pc.src",
"product": {
"name": "python3-django-0:2.2.28-1.el7pc.src",
"product_id": "python3-django-0:2.2.28-1.el7pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-django@2.2.28-1.el7pc?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-django-0:2.2.28-1.el8pc.noarch",
"product": {
"name": "python3-django-0:2.2.28-1.el8pc.noarch",
"product_id": "python3-django-0:2.2.28-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-django@2.2.28-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-django-0:2.2.28-1.el7pc.noarch",
"product": {
"name": "python3-django-0:2.2.28-1.el7pc.noarch",
"product_id": "python3-django-0:2.2.28-1.el7pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-django@2.2.28-1.el7pc?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-django-0:2.2.28-1.el7pc.noarch as a component of Red Hat Automation Hub 4.2 for RHEL 7",
"product_id": "7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.noarch"
},
"product_reference": "python3-django-0:2.2.28-1.el7pc.noarch",
"relates_to_product_reference": "7Server-Automation-Hub-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-django-0:2.2.28-1.el7pc.src as a component of Red Hat Automation Hub 4.2 for RHEL 7",
"product_id": "7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.src"
},
"product_reference": "python3-django-0:2.2.28-1.el7pc.src",
"relates_to_product_reference": "7Server-Automation-Hub-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-django-0:2.2.28-1.el8pc.noarch as a component of Red Hat Automation Hub 4.2 for RHEL 8",
"product_id": "8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.noarch"
},
"product_reference": "python3-django-0:2.2.28-1.el8pc.noarch",
"relates_to_product_reference": "8Base-Automation-Hub-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-django-0:2.2.28-1.el8pc.src as a component of Red Hat Automation Hub 4.2 for RHEL 8",
"product_id": "8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.src"
},
"product_reference": "python3-django-0:2.2.28-1.el8pc.src",
"relates_to_product_reference": "8Base-Automation-Hub-4.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-28346",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2022-04-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072447"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: SQL injection in QuerySet.annotate(),aggregate() and extra()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack does ship the affected version of Django, however, vulnerability is not exposed in the product as it does not make use of vulnerable code. We may update Django in a future release of OpenStack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.noarch",
"7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.src",
"8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.noarch",
"8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28346"
},
{
"category": "external",
"summary": "RHBZ#2072447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28346",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28346"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28346",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28346"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/",
"url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"
}
],
"release_date": "2022-04-11T08:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-07-25T19:53:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.noarch",
"7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.src",
"8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.noarch",
"8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5703"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.noarch",
"7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.src",
"8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.noarch",
"8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: SQL injection in QuerySet.annotate(),aggregate() and extra()"
},
{
"cve": "CVE-2022-28347",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2022-04-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072459"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Django package, leading to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: SQL injection via QuerySet.explain(options) on PostgreSQL",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack does ship the affected version of Django. However, the product is not vulnerable since it does not implement the vulnerable method QuerySet.explain() introduced in Django 2.1.x onward.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.noarch",
"7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.src",
"8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.noarch",
"8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28347"
},
{
"category": "external",
"summary": "RHBZ#2072459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072459"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28347",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28347"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28347",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28347"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/",
"url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"
}
],
"release_date": "2022-04-11T08:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-07-25T19:53:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.noarch",
"7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.src",
"8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.noarch",
"8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5703"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.noarch",
"7Server-Automation-Hub-4.2:python3-django-0:2.2.28-1.el7pc.src",
"8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.noarch",
"8Base-Automation-Hub-4.2:python3-django-0:2.2.28-1.el8pc.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: SQL injection via QuerySet.explain(options) on PostgreSQL"
}
]
}
RHSA-2022_8872
Vulnerability from csaf_redhat - Published: 2022-12-07 20:29 - Updated: 2024-11-22 19:37Summary
Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (python-django20) security update
Severity
Important
Notes
Topic: An update for python-django20 is now available for Red Hat OpenStack
Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: Security Fix(es):
* SQL injection in QuerySet.annotate() aggregate() and extra()
(CVE-2022-28346)
* Possible XSS via '{% debug %}' template tag (CVE-2022-22818)
* Denial of service possibility in file uploads (CVE-2022-23833)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Django. The ``{% debug %}`` template tag did not properly encode the current context, posing a Cross-site scripting attack vector (XSS).
6.1 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:python-django20-0:2.0.13-18.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:python-django20-bash-completion-0:2.0.13-18.el8ost.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:python3-django20-0:2.0.13-18.el8ost.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Django. The issue occurs when passing certain inputs to multipart forms, resulting in an infinite loop when parsing files.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:python-django20-0:2.0.13-18.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:python-django20-bash-completion-0:2.0.13-18.el8ost.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:python3-django20-0:2.0.13-18.el8ost.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.
9.4 (Critical)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:python-django20-0:2.0.13-18.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:python-django20-bash-completion-0:2.0.13-18.el8ost.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:python3-django20-0:2.0.13-18.el8ost.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python-django20 is now available for Red Hat OpenStack\nPlatform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* SQL injection in QuerySet.annotate() aggregate() and extra()\n(CVE-2022-28346)\n\n* Possible XSS via \u0027{% debug %}\u0027 template tag (CVE-2022-22818)\n\n* Denial of service possibility in file uploads (CVE-2022-23833)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8872",
"url": "https://access.redhat.com/errata/RHSA-2022:8872"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2048775",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048775"
},
{
"category": "external",
"summary": "2048778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048778"
},
{
"category": "external",
"summary": "2072447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072447"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8872.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (python-django20) security update",
"tracking": {
"current_release_date": "2024-11-22T19:37:54+00:00",
"generator": {
"date": "2024-11-22T19:37:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:8872",
"initial_release_date": "2022-12-07T20:29:25+00:00",
"revision_history": [
{
"date": "2022-12-07T20:29:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-12-07T20:29:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T19:37:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.1",
"product": {
"name": "Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "python-django20-0:2.0.13-18.el8ost.src",
"product": {
"name": "python-django20-0:2.0.13-18.el8ost.src",
"product_id": "python-django20-0:2.0.13-18.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django20@2.0.13-18.el8ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python-django20-bash-completion-0:2.0.13-18.el8ost.noarch",
"product": {
"name": "python-django20-bash-completion-0:2.0.13-18.el8ost.noarch",
"product_id": "python-django20-bash-completion-0:2.0.13-18.el8ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django20-bash-completion@2.0.13-18.el8ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-django20-0:2.0.13-18.el8ost.noarch",
"product": {
"name": "python3-django20-0:2.0.13-18.el8ost.noarch",
"product_id": "python3-django20-0:2.0.13-18.el8ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-django20@2.0.13-18.el8ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django20-0:2.0.13-18.el8ost.src as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python-django20-0:2.0.13-18.el8ost.src"
},
"product_reference": "python-django20-0:2.0.13-18.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django20-bash-completion-0:2.0.13-18.el8ost.noarch as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python-django20-bash-completion-0:2.0.13-18.el8ost.noarch"
},
"product_reference": "python-django20-bash-completion-0:2.0.13-18.el8ost.noarch",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-django20-0:2.0.13-18.el8ost.noarch as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python3-django20-0:2.0.13-18.el8ost.noarch"
},
"product_reference": "python3-django20-0:2.0.13-18.el8ost.noarch",
"relates_to_product_reference": "8Base-RHOS-16.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-22818",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2048775"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. The ``{% debug %}`` template tag did not properly encode the current context, posing a Cross-site scripting attack vector (XSS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "django: Possible XSS via \u0027{% debug %}\u0027 template tag",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:python-django20-0:2.0.13-18.el8ost.src",
"8Base-RHOS-16.1:python-django20-bash-completion-0:2.0.13-18.el8ost.noarch",
"8Base-RHOS-16.1:python3-django20-0:2.0.13-18.el8ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22818"
},
{
"category": "external",
"summary": "RHBZ#2048775",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048775"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22818",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22818"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22818",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22818"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2022/feb/01/security-releases/",
"url": "https://www.djangoproject.com/weblog/2022/feb/01/security-releases/"
}
],
"release_date": "2022-02-01T08:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-07T20:29:25+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:python-django20-0:2.0.13-18.el8ost.src",
"8Base-RHOS-16.1:python-django20-bash-completion-0:2.0.13-18.el8ost.noarch",
"8Base-RHOS-16.1:python3-django20-0:2.0.13-18.el8ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8872"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:python-django20-0:2.0.13-18.el8ost.src",
"8Base-RHOS-16.1:python-django20-bash-completion-0:2.0.13-18.el8ost.noarch",
"8Base-RHOS-16.1:python3-django20-0:2.0.13-18.el8ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "django: Possible XSS via \u0027{% debug %}\u0027 template tag"
},
{
"cve": "CVE-2022-23833",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2022-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2048778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. The issue occurs when passing certain inputs to multipart forms, resulting in an infinite loop when parsing files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "django: Denial-of-service possibility in file uploads",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:python-django20-0:2.0.13-18.el8ost.src",
"8Base-RHOS-16.1:python-django20-bash-completion-0:2.0.13-18.el8ost.noarch",
"8Base-RHOS-16.1:python3-django20-0:2.0.13-18.el8ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23833"
},
{
"category": "external",
"summary": "RHBZ#2048778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23833",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23833"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2022/feb/01/security-releases/",
"url": "https://www.djangoproject.com/weblog/2022/feb/01/security-releases/"
}
],
"release_date": "2022-02-01T08:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-07T20:29:25+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:python-django20-0:2.0.13-18.el8ost.src",
"8Base-RHOS-16.1:python-django20-bash-completion-0:2.0.13-18.el8ost.noarch",
"8Base-RHOS-16.1:python3-django20-0:2.0.13-18.el8ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8872"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:python-django20-0:2.0.13-18.el8ost.src",
"8Base-RHOS-16.1:python-django20-bash-completion-0:2.0.13-18.el8ost.noarch",
"8Base-RHOS-16.1:python3-django20-0:2.0.13-18.el8ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "django: Denial-of-service possibility in file uploads"
},
{
"cve": "CVE-2022-28346",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2022-04-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072447"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: SQL injection in QuerySet.annotate(),aggregate() and extra()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack does ship the affected version of Django, however, vulnerability is not exposed in the product as it does not make use of vulnerable code. We may update Django in a future release of OpenStack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:python-django20-0:2.0.13-18.el8ost.src",
"8Base-RHOS-16.1:python-django20-bash-completion-0:2.0.13-18.el8ost.noarch",
"8Base-RHOS-16.1:python3-django20-0:2.0.13-18.el8ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28346"
},
{
"category": "external",
"summary": "RHBZ#2072447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28346",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28346"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28346",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28346"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/",
"url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"
}
],
"release_date": "2022-04-11T08:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-07T20:29:25+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:python-django20-0:2.0.13-18.el8ost.src",
"8Base-RHOS-16.1:python-django20-bash-completion-0:2.0.13-18.el8ost.noarch",
"8Base-RHOS-16.1:python3-django20-0:2.0.13-18.el8ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8872"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:python-django20-0:2.0.13-18.el8ost.src",
"8Base-RHOS-16.1:python-django20-bash-completion-0:2.0.13-18.el8ost.noarch",
"8Base-RHOS-16.1:python3-django20-0:2.0.13-18.el8ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Django: SQL injection in QuerySet.annotate(),aggregate() and extra()"
}
]
}
SUSE-SU-2022:3338-1
Vulnerability from csaf_suse - Published: 2022-09-22 14:15 - Updated: 2022-09-22 14:15Summary
Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma
Severity
Moderate
Notes
Title of the patch: Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma
Description of the patch: This update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma fixes the following issues:
Security updates included on this update:
ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, rabbitmq-server:
- CVE-2020-1734: Fixed vulnerability where shell was enabled by default in a pipe lookup plugin subprocess. (SOC-11662, bnc#1164139)
- CVE-2021-44716: Fixed uncontrolled memory consumption in go's net/http. (bsc#1193597)
- CVE-2019-11287: Fixed DoS via 'X-Reason' HTTP Header in malicious Erlang format string. (bsc#1157665)
grafana:
- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454).
- CVE-2021-44716: Fixed uncontrolled memory consumption in go's net/http (bsc#1193597).
python-Django:
- CVE-2022-28346: Fixed vulnerability that could lead to SQL injection in QuerySet.annotate(),aggregate() and extra(). (bsc#1198398)
- CVE-2022-34265: Fixed vulnerability that could lead to SQL injection via Trunc(kind) and Extract(lookup_name) arguments. (bsc#1201186)
rubygem puma:
- CVE-2022-24790: Fixed HTTP request smuggling vulnerability. (bsc#1197818)
Additional information about the this update:
Changes in ardana-ansible:
- Update to version 8.0+git.1660773729.3789a6d:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in ardana-cobbler:
- Update to version 8.0+git.1660773402.d845a45:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in grafana:
- Add CVE-2021-39226 patch (bsc#1191454, CVE-2021-39226)
* snapshot authentication bypass
- Bump Go to 1.16 (bsc#1193597, CVE-2021-44716)
* Fix Go net/http: limit growth of header canonicalization cache.
Changes in openstack-heat-templates:
- Update to version 0.0.0+git.1654529662.75fa04a:
* doc: Comment out language option
Changes in openstack-murano:
- Update to version murano-4.0.2.dev3:
* [stable-only] Remove periodic-stable-jobs template
Changes in openstack-murano:
- Update to version murano-4.0.2.dev3:
* [stable-only] Remove periodic-stable-jobs template
Changes in rabbitmq-server:
- add explanation-format patch to fix CVE-2019-11287 (bsc#1157665)
Changes in python-Django:
- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt
to avoid source_validator incorrectly trying to use it as a detached
signature file for the sources tarball.
- Remove unnecessary project.diff file.
- Add CVE-2022-28346 patch (bsc#1198398, CVE-2022-28346)
* Potential SQL injection in QuerySet.annotate(),aggregate() and extra()
- Add CVE-2022-34265 patch (bsc#1201186, CVE-2022-34265)
* SQL injection via Trunc(kind) and Extract(lookup_name) arguments
Changes in rubygem-puma:
- Add CVE-2022-24790: Fixed HTTP request smuggling vulnerability (bsc#1197818).
Patchnames: HPE-Helion-OpenStack-8-2022-3338,SUSE-2022-3338,SUSE-OpenStack-Cloud-8-2022-3338,SUSE-OpenStack-Cloud-Crowbar-8-2022-3338
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
31 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma fixes the following issues:\n\nSecurity updates included on this update:\n\nardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, rabbitmq-server:\n- CVE-2020-1734: Fixed vulnerability where shell was enabled by default in a pipe lookup plugin subprocess. (SOC-11662, bnc#1164139)\n- CVE-2021-44716: Fixed uncontrolled memory consumption in go\u0027s net/http. (bsc#1193597)\n- CVE-2019-11287: Fixed DoS via \u0027X-Reason\u0027 HTTP Header in malicious Erlang format string. (bsc#1157665)\n\ngrafana:\n- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454).\n- CVE-2021-44716: Fixed uncontrolled memory consumption in go\u0027s net/http (bsc#1193597).\n\npython-Django:\n- CVE-2022-28346: Fixed vulnerability that could lead to SQL injection in QuerySet.annotate(),aggregate() and extra(). (bsc#1198398)\n- CVE-2022-34265: Fixed vulnerability that could lead to SQL injection via Trunc(kind) and Extract(lookup_name) arguments. (bsc#1201186)\n\nrubygem puma:\n- CVE-2022-24790: Fixed HTTP request smuggling vulnerability. (bsc#1197818)\n\nAdditional information about the this update:\n\nChanges in ardana-ansible:\n- Update to version 8.0+git.1660773729.3789a6d:\n * Mitigate CVE-2020-1734 (SOC-11662)\n\nChanges in ardana-cobbler:\n- Update to version 8.0+git.1660773402.d845a45:\n * Mitigate CVE-2020-1734 (SOC-11662)\n\nChanges in grafana:\n- Add CVE-2021-39226 patch (bsc#1191454, CVE-2021-39226)\n * snapshot authentication bypass\n\n- Bump Go to 1.16 (bsc#1193597, CVE-2021-44716)\n * Fix Go net/http: limit growth of header canonicalization cache.\n\nChanges in openstack-heat-templates:\n- Update to version 0.0.0+git.1654529662.75fa04a:\n * doc: Comment out language option\n\nChanges in openstack-murano:\n- Update to version murano-4.0.2.dev3:\n * [stable-only] Remove periodic-stable-jobs template\n\nChanges in openstack-murano:\n- Update to version murano-4.0.2.dev3:\n * [stable-only] Remove periodic-stable-jobs template\n\nChanges in rabbitmq-server:\n- add explanation-format patch to fix CVE-2019-11287 (bsc#1157665)\n\nChanges in python-Django:\n- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt\n to avoid source_validator incorrectly trying to use it as a detached\n signature file for the sources tarball.\n- Remove unnecessary project.diff file.\n\n- Add CVE-2022-28346 patch (bsc#1198398, CVE-2022-28346)\n * Potential SQL injection in QuerySet.annotate(),aggregate() and extra()\n- Add CVE-2022-34265 patch (bsc#1201186, CVE-2022-34265)\n * SQL injection via Trunc(kind) and Extract(lookup_name) arguments\n\nChanges in rubygem-puma:\n- Add CVE-2022-24790: Fixed HTTP request smuggling vulnerability (bsc#1197818).\n\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2022-3338,SUSE-2022-3338,SUSE-OpenStack-Cloud-8-2022-3338,SUSE-OpenStack-Cloud-Crowbar-8-2022-3338",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3338-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3338-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223338-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3338-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012332.html"
},
{
"category": "self",
"summary": "SUSE Bug 1157665",
"url": "https://bugzilla.suse.com/1157665"
},
{
"category": "self",
"summary": "SUSE Bug 1191454",
"url": "https://bugzilla.suse.com/1191454"
},
{
"category": "self",
"summary": "SUSE Bug 1193597",
"url": "https://bugzilla.suse.com/1193597"
},
{
"category": "self",
"summary": "SUSE Bug 1197818",
"url": "https://bugzilla.suse.com/1197818"
},
{
"category": "self",
"summary": "SUSE Bug 1198398",
"url": "https://bugzilla.suse.com/1198398"
},
{
"category": "self",
"summary": "SUSE Bug 1201186",
"url": "https://bugzilla.suse.com/1201186"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11287 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1734 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39226 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-44716 page",
"url": "https://www.suse.com/security/cve/CVE-2021-44716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24790 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28346 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-34265 page",
"url": "https://www.suse.com/security/cve/CVE-2022-34265/"
}
],
"title": "Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma",
"tracking": {
"current_release_date": "2022-09-22T14:15:54Z",
"generator": {
"date": "2022-09-22T14:15:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3338-1",
"initial_release_date": "2022-09-22T14:15:54Z",
"revision_history": [
{
"date": "2022-09-22T14:15:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "erlang-rabbitmq-client-3.6.16-3.13.1.aarch64",
"product": {
"name": "erlang-rabbitmq-client-3.6.16-3.13.1.aarch64",
"product_id": "erlang-rabbitmq-client-3.6.16-3.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "grafana-6.7.4-4.23.1.aarch64",
"product": {
"name": "grafana-6.7.4-4.23.1.aarch64",
"product_id": "grafana-6.7.4-4.23.1.aarch64"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-3.6.16-3.13.1.aarch64",
"product": {
"name": "rabbitmq-server-3.6.16-3.13.1.aarch64",
"product_id": "rabbitmq-server-3.6.16-3.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.aarch64",
"product": {
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.aarch64",
"product_id": "rabbitmq-server-plugins-3.6.16-3.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.aarch64",
"product_id": "ruby2.1-rubygem-puma-2.16.0-3.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.aarch64",
"product_id": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"product": {
"name": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"product_id": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch"
}
},
{
"category": "product_version",
"name": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"product": {
"name": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"product_id": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"product": {
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"product_id": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-murano-4.0.2~dev3-3.12.1.noarch",
"product": {
"name": "openstack-murano-4.0.2~dev3-3.12.1.noarch",
"product_id": "openstack-murano-4.0.2~dev3-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"product": {
"name": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"product_id": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"product": {
"name": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"product_id": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"product": {
"name": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"product_id": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "python-Django-1.11.29-3.42.1.noarch",
"product": {
"name": "python-Django-1.11.29-3.42.1.noarch",
"product_id": "python-Django-1.11.29-3.42.1.noarch"
}
},
{
"category": "product_version",
"name": "python-murano-4.0.2~dev3-3.12.1.noarch",
"product": {
"name": "python-murano-4.0.2~dev3-3.12.1.noarch",
"product_id": "python-murano-4.0.2~dev3-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"product": {
"name": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"product_id": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"product": {
"name": "venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"product_id": "venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"product": {
"name": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"product_id": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-murano-test-4.0.2~dev3-3.12.1.noarch",
"product": {
"name": "openstack-murano-test-4.0.2~dev3-3.12.1.noarch",
"product_id": "openstack-murano-test-4.0.2~dev3-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-Django-1.11.29-3.42.1.noarch",
"product": {
"name": "python3-Django-1.11.29-3.42.1.noarch",
"product_id": "python3-Django-1.11.29-3.42.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"product": {
"name": "venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"product_id": "venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "erlang-rabbitmq-client-3.6.16-3.13.1.ppc64le",
"product": {
"name": "erlang-rabbitmq-client-3.6.16-3.13.1.ppc64le",
"product_id": "erlang-rabbitmq-client-3.6.16-3.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grafana-6.7.4-4.23.1.ppc64le",
"product": {
"name": "grafana-6.7.4-4.23.1.ppc64le",
"product_id": "grafana-6.7.4-4.23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-3.6.16-3.13.1.ppc64le",
"product": {
"name": "rabbitmq-server-3.6.16-3.13.1.ppc64le",
"product_id": "rabbitmq-server-3.6.16-3.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.ppc64le",
"product": {
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.ppc64le",
"product_id": "rabbitmq-server-plugins-3.6.16-3.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.ppc64le",
"product_id": "ruby2.1-rubygem-puma-2.16.0-3.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.ppc64le",
"product_id": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "erlang-rabbitmq-client-3.6.16-3.13.1.s390x",
"product": {
"name": "erlang-rabbitmq-client-3.6.16-3.13.1.s390x",
"product_id": "erlang-rabbitmq-client-3.6.16-3.13.1.s390x"
}
},
{
"category": "product_version",
"name": "grafana-6.7.4-4.23.1.s390x",
"product": {
"name": "grafana-6.7.4-4.23.1.s390x",
"product_id": "grafana-6.7.4-4.23.1.s390x"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-3.6.16-3.13.1.s390x",
"product": {
"name": "rabbitmq-server-3.6.16-3.13.1.s390x",
"product_id": "rabbitmq-server-3.6.16-3.13.1.s390x"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.s390x",
"product": {
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.s390x",
"product_id": "rabbitmq-server-plugins-3.6.16-3.13.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.s390x",
"product": {
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.s390x",
"product_id": "ruby2.1-rubygem-puma-2.16.0-3.18.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.s390x",
"product": {
"name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.s390x",
"product_id": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-6.7.4-4.23.1.x86_64",
"product": {
"name": "grafana-6.7.4-4.23.1.x86_64",
"product_id": "grafana-6.7.4-4.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-3.6.16-3.13.1.x86_64",
"product": {
"name": "rabbitmq-server-3.6.16-3.13.1.x86_64",
"product_id": "rabbitmq-server-3.6.16-3.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"product": {
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"product_id": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang-rabbitmq-client-3.6.16-3.13.1.x86_64",
"product": {
"name": "erlang-rabbitmq-client-3.6.16-3.13.1.x86_64",
"product_id": "erlang-rabbitmq-client-3.6.16-3.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64",
"product_id": "ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.x86_64",
"product_id": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch"
},
"product_reference": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch"
},
"product_reference": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-6.7.4-4.23.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64"
},
"product_reference": "grafana-6.7.4-4.23.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch"
},
"product_reference": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-4.0.2~dev3-3.12.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Django-1.11.29-3.42.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch"
},
"product_reference": "python-Django-1.11.29-3.42.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-murano-4.0.2~dev3-3.12.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "python-murano-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-3.6.16-3.13.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64"
},
"product_reference": "rabbitmq-server-3.6.16-3.13.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64"
},
"product_reference": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch"
},
"product_reference": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch"
},
"product_reference": "venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch"
},
"product_reference": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch"
},
"product_reference": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch"
},
"product_reference": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-6.7.4-4.23.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64"
},
"product_reference": "grafana-6.7.4-4.23.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch"
},
"product_reference": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Django-1.11.29-3.42.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch"
},
"product_reference": "python-Django-1.11.29-3.42.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-murano-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "python-murano-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-3.6.16-3.13.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64"
},
"product_reference": "rabbitmq-server-3.6.16-3.13.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64"
},
"product_reference": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch"
},
"product_reference": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch"
},
"product_reference": "venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch"
},
"product_reference": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-6.7.4-4.23.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64"
},
"product_reference": "grafana-6.7.4-4.23.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch"
},
"product_reference": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Django-1.11.29-3.42.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch"
},
"product_reference": "python-Django-1.11.29-3.42.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-murano-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "python-murano-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-3.6.16-3.13.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64"
},
"product_reference": "rabbitmq-server-3.6.16-3.13.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64"
},
"product_reference": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11287"
}
],
"notes": [
{
"category": "general",
"text": "Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The \"X-Reason\" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11287",
"url": "https://www.suse.com/security/cve/CVE-2019-11287"
},
{
"category": "external",
"summary": "SUSE Bug 1157665 for CVE-2019-11287",
"url": "https://bugzilla.suse.com/1157665"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:15:54Z",
"details": "important"
}
],
"title": "CVE-2019-11287"
},
{
"cve": "CVE-2020-1734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1734"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1734",
"url": "https://www.suse.com/security/cve/CVE-2020-1734"
},
{
"category": "external",
"summary": "SUSE Bug 1164139 for CVE-2020-1734",
"url": "https://bugzilla.suse.com/1164139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:15:54Z",
"details": "important"
}
],
"title": "CVE-2020-1734"
},
{
"cve": "CVE-2021-39226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39226"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39226",
"url": "https://www.suse.com/security/cve/CVE-2021-39226"
},
{
"category": "external",
"summary": "SUSE Bug 1191454 for CVE-2021-39226",
"url": "https://bugzilla.suse.com/1191454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:15:54Z",
"details": "important"
}
],
"title": "CVE-2021-39226"
},
{
"cve": "CVE-2021-44716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-44716"
}
],
"notes": [
{
"category": "general",
"text": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-44716",
"url": "https://www.suse.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "SUSE Bug 1193597 for CVE-2021-44716",
"url": "https://bugzilla.suse.com/1193597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:15:54Z",
"details": "important"
}
],
"title": "CVE-2021-44716"
},
{
"cve": "CVE-2022-24790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24790"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24790",
"url": "https://www.suse.com/security/cve/CVE-2022-24790"
},
{
"category": "external",
"summary": "SUSE Bug 1197818 for CVE-2022-24790",
"url": "https://bugzilla.suse.com/1197818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:15:54Z",
"details": "important"
}
],
"title": "CVE-2022-24790"
},
{
"cve": "CVE-2022-28346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28346"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28346",
"url": "https://www.suse.com/security/cve/CVE-2022-28346"
},
{
"category": "external",
"summary": "SUSE Bug 1198398 for CVE-2022-28346",
"url": "https://bugzilla.suse.com/1198398"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:15:54Z",
"details": "important"
}
],
"title": "CVE-2022-28346"
},
{
"cve": "CVE-2022-34265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-34265"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-34265",
"url": "https://www.suse.com/security/cve/CVE-2022-34265"
},
{
"category": "external",
"summary": "SUSE Bug 1201186 for CVE-2022-34265",
"url": "https://bugzilla.suse.com/1201186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:15:54Z",
"details": "important"
}
],
"title": "CVE-2022-34265"
}
]
}
SUSE-SU-2022:3339-1
Vulnerability from csaf_suse - Published: 2022-09-22 14:16 - Updated: 2022-09-22 14:16Summary
Security update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma
Severity
Moderate
Notes
Title of the patch: Security update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma
Description of the patch: This update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma fixes the following issues:
Security fixes included in this update:
ardana-ansible:
- CVE-2020-1734: Fixed vulnerability where shell was enabled by default in a pipe lookup plugin subprocess (SOC-11662, bnc#1164139).
grafana:
- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454).
rabbitmq-server:
- CVE-2019-11287: Fixed DoS via 'X-Reason' HTTP Header in malicious Erlang format string (bsc#1157665).
rubygem-puma:
- CVE-2022-24790: Fixed HTTP request smuggling (bsc#1197818).
python-Django1:
- CVE-2022-28346: Fixed vulnerability allowing SQL injection in QuerySet.annotate(),aggregate() and extra() (bsc#1198398).
- CVE-2022-34265: Fixed vulnerability allowing SQL injection via Trunc(kind) and Extract(lookup_name) arguments (bsc#1201186).
Bugfixes:
- Disabled two barbican tests (SOC-8764).
Non-security fixes included on this update:
Changes in ardana-ansible:
- Update to version 9.0+git.1660748476.c118d23:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in ardana-cobbler:
- Update to version 9.0+git.1660747489.119efcd:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in ardana-tempest:
- Update to version 9.0+git.1651855288.a2341ad:
* Disable two barbican tests (SOC-8764)
Changes in grafana:
- Add CVE-2021-39226 patch (bsc#1191454, CVE-2021-39226)
* snapshot authentication bypass
Changes in openstack-heat-templates:
- Update to version 0.0.0+git.1654529662.75fa04a7:
* doc: Comment out language option
Changes in openstack-horizon-plugin-gbp-ui:
- Update to version group-based-policy-ui-14.0.1.dev4:
* remove legacy servicechain code
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-14.0.1.dev46:
* Remove logs
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev45:
* FIP Status active after dissociate
- Update to version group-based-policy-14.0.1.dev43:
* fixed apic synchronization state for multiple erspan session
- Update to version group-based-policy-14.0.1.dev41:
* Remove\_legacy\_service\_chain\_code(2)
- Update to version group-based-policy-14.0.1.dev39:
* data-migrations spelling fixes
2014.2rc1
- Update to version group-based-policy-14.0.1.dev38:
* Adding support for address group feature in upstream
- Update to version group-based-policy-14.0.1.dev36:
* Add support for yoga
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev35:
* Removed\_legacy\_service\_chain\_code
2014.2rc1
Changes in openstack-nova:
- Update to version nova-18.3.1.dev92:
* [stable-only] Drop lower-constraints job
Changes in openstack-nova:
- Update to version nova-18.3.1.dev92:
* [stable-only] Drop lower-constraints job
Changes in python-Djanjo1:
- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt
to avoid source_validator incorrectly trying to use it as a detached
signature file for the sources tarball.
- Add CVE-2022-28346 patch (bsc#1198398, CVE-2022-28346)
* Potential SQL injection in QuerySet.annotate(),aggregate() and extra()
- Add CVE-2022-34265 patch (bsc#1201186, CVE-2022-34265)
* SQL injection via Trunc(kind) and Extract(lookup_name) arguments
Changes in rabbitmq-server:
- add explanation-format patch to fix CVE-2019-11287 (bsc#1157665)
Changes in rubygem-puma:
- Add CVE-2022-24790 patch (bsc#1197818, CVE-2022-24790).
Patchnames: SUSE-2022-3339,SUSE-OpenStack-Cloud-9-2022-3339,SUSE-OpenStack-Cloud-Crowbar-9-2022-3339
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma fixes the following issues:\n\nSecurity fixes included in this update:\n\nardana-ansible:\n- CVE-2020-1734: Fixed vulnerability where shell was enabled by default in a pipe lookup plugin subprocess (SOC-11662, bnc#1164139).\ngrafana:\n- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454).\nrabbitmq-server:\n- CVE-2019-11287: Fixed DoS via \u0027X-Reason\u0027 HTTP Header in malicious Erlang format string (bsc#1157665).\nrubygem-puma:\n- CVE-2022-24790: Fixed HTTP request smuggling (bsc#1197818).\npython-Django1:\n- CVE-2022-28346: Fixed vulnerability allowing SQL injection in QuerySet.annotate(),aggregate() and extra() (bsc#1198398).\n- CVE-2022-34265: Fixed vulnerability allowing SQL injection via Trunc(kind) and Extract(lookup_name) arguments (bsc#1201186).\nBugfixes:\n- Disabled two barbican tests (SOC-8764).\n\nNon-security fixes included on this update:\n\nChanges in ardana-ansible:\n- Update to version 9.0+git.1660748476.c118d23:\n * Mitigate CVE-2020-1734 (SOC-11662)\n\nChanges in ardana-cobbler:\n- Update to version 9.0+git.1660747489.119efcd:\n * Mitigate CVE-2020-1734 (SOC-11662)\n\nChanges in ardana-tempest:\n- Update to version 9.0+git.1651855288.a2341ad:\n * Disable two barbican tests (SOC-8764)\n\nChanges in grafana:\n- Add CVE-2021-39226 patch (bsc#1191454, CVE-2021-39226)\n * snapshot authentication bypass\n\nChanges in openstack-heat-templates:\n- Update to version 0.0.0+git.1654529662.75fa04a7:\n * doc: Comment out language option\n\nChanges in openstack-horizon-plugin-gbp-ui:\n- Update to version group-based-policy-ui-14.0.1.dev4:\n * remove legacy servicechain code\n\nChanges in openstack-neutron-gbp:\n- Update to version group-based-policy-14.0.1.dev46:\n * Remove logs\n 2014.2.rc1\n\n- Update to version group-based-policy-14.0.1.dev45:\n * FIP Status active after dissociate\n\n- Update to version group-based-policy-14.0.1.dev43:\n * fixed apic synchronization state for multiple erspan session\n\n- Update to version group-based-policy-14.0.1.dev41:\n * Remove\\_legacy\\_service\\_chain\\_code(2)\n\n- Update to version group-based-policy-14.0.1.dev39:\n * data-migrations spelling fixes\n 2014.2rc1\n\n- Update to version group-based-policy-14.0.1.dev38:\n * Adding support for address group feature in upstream\n\n- Update to version group-based-policy-14.0.1.dev36:\n * Add support for yoga\n 2014.2.rc1\n\n- Update to version group-based-policy-14.0.1.dev35:\n * Removed\\_legacy\\_service\\_chain\\_code\n 2014.2rc1\n\nChanges in openstack-nova:\n- Update to version nova-18.3.1.dev92:\n * [stable-only] Drop lower-constraints job\n\nChanges in openstack-nova:\n- Update to version nova-18.3.1.dev92:\n * [stable-only] Drop lower-constraints job\n\nChanges in python-Djanjo1:\n\n- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt\n to avoid source_validator incorrectly trying to use it as a detached\n signature file for the sources tarball.\n\n- Add CVE-2022-28346 patch (bsc#1198398, CVE-2022-28346)\n * Potential SQL injection in QuerySet.annotate(),aggregate() and extra()\n- Add CVE-2022-34265 patch (bsc#1201186, CVE-2022-34265)\n * SQL injection via Trunc(kind) and Extract(lookup_name) arguments\n\nChanges in rabbitmq-server:\n- add explanation-format patch to fix CVE-2019-11287 (bsc#1157665)\n\nChanges in rubygem-puma:\n- Add CVE-2022-24790 patch (bsc#1197818, CVE-2022-24790).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3339,SUSE-OpenStack-Cloud-9-2022-3339,SUSE-OpenStack-Cloud-Crowbar-9-2022-3339",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3339-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3339-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223339-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3339-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012331.html"
},
{
"category": "self",
"summary": "SUSE Bug 1157665",
"url": "https://bugzilla.suse.com/1157665"
},
{
"category": "self",
"summary": "SUSE Bug 1164139",
"url": "https://bugzilla.suse.com/1164139"
},
{
"category": "self",
"summary": "SUSE Bug 1191454",
"url": "https://bugzilla.suse.com/1191454"
},
{
"category": "self",
"summary": "SUSE Bug 1197818",
"url": "https://bugzilla.suse.com/1197818"
},
{
"category": "self",
"summary": "SUSE Bug 1198398",
"url": "https://bugzilla.suse.com/1198398"
},
{
"category": "self",
"summary": "SUSE Bug 1201186",
"url": "https://bugzilla.suse.com/1201186"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11287 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1734 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39226 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24790 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28346 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-34265 page",
"url": "https://www.suse.com/security/cve/CVE-2022-34265/"
}
],
"title": "Security update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma",
"tracking": {
"current_release_date": "2022-09-22T14:16:26Z",
"generator": {
"date": "2022-09-22T14:16:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3339-1",
"initial_release_date": "2022-09-22T14:16:26Z",
"revision_history": [
{
"date": "2022-09-22T14:16:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "erlang-rabbitmq-client-3.6.16-4.3.1.aarch64",
"product": {
"name": "erlang-rabbitmq-client-3.6.16-4.3.1.aarch64",
"product_id": "erlang-rabbitmq-client-3.6.16-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "grafana-6.7.4-3.29.1.aarch64",
"product": {
"name": "grafana-6.7.4-3.29.1.aarch64",
"product_id": "grafana-6.7.4-3.29.1.aarch64"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-3.6.16-4.3.1.aarch64",
"product": {
"name": "rabbitmq-server-3.6.16-4.3.1.aarch64",
"product_id": "rabbitmq-server-3.6.16-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.aarch64",
"product": {
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.aarch64",
"product_id": "rabbitmq-server-plugins-3.6.16-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.aarch64",
"product_id": "ruby2.1-rubygem-puma-2.16.0-4.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.aarch64",
"product_id": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"product": {
"name": "ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"product_id": "ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch"
}
},
{
"category": "product_version",
"name": "ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"product": {
"name": "ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"product_id": "ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch"
}
},
{
"category": "product_version",
"name": "ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"product": {
"name": "ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"product_id": "ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"product": {
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"product_id": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"product": {
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"product_id": "openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev4-3.12.1.noarch",
"product": {
"name": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev4-3.12.1.noarch",
"product_id": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev4-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"product": {
"name": "openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"product_id": "openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-gbp-test-14.0.1~dev46-3.34.1.noarch",
"product": {
"name": "openstack-neutron-gbp-test-14.0.1~dev46-3.34.1.noarch",
"product_id": "openstack-neutron-gbp-test-14.0.1~dev46-3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-api-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-cells-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-compute-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-console-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-consoleauth-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-consoleauth-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-consoleauth-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-network-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-network-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-network-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-test-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-test-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-test-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "python-Django1-1.11.29-3.40.1.noarch",
"product": {
"name": "python-Django1-1.11.29-3.40.1.noarch",
"product_id": "python-Django1-1.11.29-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"product": {
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"product_id": "python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"product": {
"name": "python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"product_id": "python-neutron-gbp-14.0.1~dev46-3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "python-nova-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "python-nova-18.3.1~dev92-3.43.1.noarch",
"product_id": "python-nova-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-Django1-1.11.29-3.40.1.noarch",
"product": {
"name": "python3-Django1-1.11.29-3.40.1.noarch",
"product_id": "python3-Django1-1.11.29-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"product": {
"name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"product_id": "venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"product": {
"name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"product_id": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"product": {
"name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"product_id": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"product": {
"name": "venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"product_id": "venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "erlang-rabbitmq-client-3.6.16-4.3.1.ppc64le",
"product": {
"name": "erlang-rabbitmq-client-3.6.16-4.3.1.ppc64le",
"product_id": "erlang-rabbitmq-client-3.6.16-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grafana-6.7.4-3.29.1.ppc64le",
"product": {
"name": "grafana-6.7.4-3.29.1.ppc64le",
"product_id": "grafana-6.7.4-3.29.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-3.6.16-4.3.1.ppc64le",
"product": {
"name": "rabbitmq-server-3.6.16-4.3.1.ppc64le",
"product_id": "rabbitmq-server-3.6.16-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.ppc64le",
"product": {
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.ppc64le",
"product_id": "rabbitmq-server-plugins-3.6.16-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.ppc64le",
"product_id": "ruby2.1-rubygem-puma-2.16.0-4.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.ppc64le",
"product_id": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "erlang-rabbitmq-client-3.6.16-4.3.1.s390x",
"product": {
"name": "erlang-rabbitmq-client-3.6.16-4.3.1.s390x",
"product_id": "erlang-rabbitmq-client-3.6.16-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "grafana-6.7.4-3.29.1.s390x",
"product": {
"name": "grafana-6.7.4-3.29.1.s390x",
"product_id": "grafana-6.7.4-3.29.1.s390x"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-3.6.16-4.3.1.s390x",
"product": {
"name": "rabbitmq-server-3.6.16-4.3.1.s390x",
"product_id": "rabbitmq-server-3.6.16-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.s390x",
"product": {
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.s390x",
"product_id": "rabbitmq-server-plugins-3.6.16-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.s390x",
"product": {
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.s390x",
"product_id": "ruby2.1-rubygem-puma-2.16.0-4.18.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.s390x",
"product": {
"name": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.s390x",
"product_id": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "erlang-rabbitmq-client-3.6.16-4.3.1.x86_64",
"product": {
"name": "erlang-rabbitmq-client-3.6.16-4.3.1.x86_64",
"product_id": "erlang-rabbitmq-client-3.6.16-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "grafana-6.7.4-3.29.1.x86_64",
"product": {
"name": "grafana-6.7.4-3.29.1.x86_64",
"product_id": "grafana-6.7.4-3.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-3.6.16-4.3.1.x86_64",
"product": {
"name": "rabbitmq-server-3.6.16-4.3.1.x86_64",
"product_id": "rabbitmq-server-3.6.16-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"product": {
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"product_id": "rabbitmq-server-plugins-3.6.16-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64",
"product_id": "ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.x86_64",
"product_id": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch"
},
"product_reference": "ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch"
},
"product_reference": "ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch"
},
"product_reference": "ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-6.7.4-3.29.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64"
},
"product_reference": "grafana-6.7.4-3.29.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch"
},
"product_reference": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch"
},
"product_reference": "openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch"
},
"product_reference": "openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-api-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-cells-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-compute-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-console-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Django1-1.11.29-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch"
},
"product_reference": "python-Django1-1.11.29-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch"
},
"product_reference": "python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-gbp-14.0.1~dev46-3.34.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch"
},
"product_reference": "python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nova-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "python-nova-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-3.6.16-4.3.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64"
},
"product_reference": "rabbitmq-server-3.6.16-4.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64"
},
"product_reference": "rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch"
},
"product_reference": "venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch"
},
"product_reference": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch"
},
"product_reference": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch"
},
"product_reference": "venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-6.7.4-3.29.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64"
},
"product_reference": "grafana-6.7.4-3.29.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch"
},
"product_reference": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch"
},
"product_reference": "openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch"
},
"product_reference": "openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-api-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-cells-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-compute-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-console-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Django1-1.11.29-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch"
},
"product_reference": "python-Django1-1.11.29-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch"
},
"product_reference": "python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-gbp-14.0.1~dev46-3.34.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch"
},
"product_reference": "python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nova-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "python-nova-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-3.6.16-4.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64"
},
"product_reference": "rabbitmq-server-3.6.16-4.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64"
},
"product_reference": "rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11287"
}
],
"notes": [
{
"category": "general",
"text": "Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The \"X-Reason\" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11287",
"url": "https://www.suse.com/security/cve/CVE-2019-11287"
},
{
"category": "external",
"summary": "SUSE Bug 1157665 for CVE-2019-11287",
"url": "https://bugzilla.suse.com/1157665"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:16:26Z",
"details": "important"
}
],
"title": "CVE-2019-11287"
},
{
"cve": "CVE-2020-1734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1734"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1734",
"url": "https://www.suse.com/security/cve/CVE-2020-1734"
},
{
"category": "external",
"summary": "SUSE Bug 1164139 for CVE-2020-1734",
"url": "https://bugzilla.suse.com/1164139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:16:26Z",
"details": "important"
}
],
"title": "CVE-2020-1734"
},
{
"cve": "CVE-2021-39226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39226"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39226",
"url": "https://www.suse.com/security/cve/CVE-2021-39226"
},
{
"category": "external",
"summary": "SUSE Bug 1191454 for CVE-2021-39226",
"url": "https://bugzilla.suse.com/1191454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:16:26Z",
"details": "important"
}
],
"title": "CVE-2021-39226"
},
{
"cve": "CVE-2022-24790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24790"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24790",
"url": "https://www.suse.com/security/cve/CVE-2022-24790"
},
{
"category": "external",
"summary": "SUSE Bug 1197818 for CVE-2022-24790",
"url": "https://bugzilla.suse.com/1197818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:16:26Z",
"details": "important"
}
],
"title": "CVE-2022-24790"
},
{
"cve": "CVE-2022-28346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28346"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28346",
"url": "https://www.suse.com/security/cve/CVE-2022-28346"
},
{
"category": "external",
"summary": "SUSE Bug 1198398 for CVE-2022-28346",
"url": "https://bugzilla.suse.com/1198398"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:16:26Z",
"details": "important"
}
],
"title": "CVE-2022-28346"
},
{
"cve": "CVE-2022-34265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-34265"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-34265",
"url": "https://www.suse.com/security/cve/CVE-2022-34265"
},
{
"category": "external",
"summary": "SUSE Bug 1201186 for CVE-2022-34265",
"url": "https://bugzilla.suse.com/1201186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:16:26Z",
"details": "important"
}
],
"title": "CVE-2022-34265"
}
]
}
SUSE-SU-2024:2817-1
Vulnerability from csaf_suse - Published: 2024-08-07 13:32 - Updated: 2024-08-07 13:32Summary
Security update for python-Django
Severity
Important
Notes
Title of the patch: Security update for python-Django
Description of the patch: This update for python-Django fixes the following issues:
- CVE-2024-42005: Fixed SQL injection in QuerySet.values() and values_list() (bsc#1228629)
- CVE-2024-41989: Fixed Memory exhaustion in django.utils.numberformat.floatformat() (bsc#1228630)
- CVE-2024-41990: Fixed denial-of-service vulnerability in django.utils.html.urlize() (bsc#1228631)
- CVE-2024-41991: Fixed another denial-of-service vulnerability in django.utils.html.urlize() (bsc#1228632)
- CVE-2022-28346: Fixed SQL injection in QuerySet.annotate(),aggregate() and extra() (bsc#1198398)
- CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468)
Patchnames: SUSE-2024-2817,openSUSE-SLE-15.5-2024-2817
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch | — |
Vendor Fix
|
Threats
Impact
low
7.3 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Django",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Django fixes the following issues:\n\n- CVE-2024-42005: Fixed SQL injection in QuerySet.values() and values_list() (bsc#1228629)\n- CVE-2024-41989: Fixed Memory exhaustion in django.utils.numberformat.floatformat() (bsc#1228630)\n- CVE-2024-41990: Fixed denial-of-service vulnerability in django.utils.html.urlize() (bsc#1228631)\n- CVE-2024-41991: Fixed another denial-of-service vulnerability in django.utils.html.urlize() (bsc#1228632)\n- CVE-2022-28346: Fixed SQL injection in QuerySet.annotate(),aggregate() and extra() (bsc#1198398)\n- CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2817,openSUSE-SLE-15.5-2024-2817",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2817-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2817-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242817-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2817-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019139.html"
},
{
"category": "self",
"summary": "SUSE Bug 1136468",
"url": "https://bugzilla.suse.com/1136468"
},
{
"category": "self",
"summary": "SUSE Bug 1198398",
"url": "https://bugzilla.suse.com/1198398"
},
{
"category": "self",
"summary": "SUSE Bug 1228629",
"url": "https://bugzilla.suse.com/1228629"
},
{
"category": "self",
"summary": "SUSE Bug 1228630",
"url": "https://bugzilla.suse.com/1228630"
},
{
"category": "self",
"summary": "SUSE Bug 1228631",
"url": "https://bugzilla.suse.com/1228631"
},
{
"category": "self",
"summary": "SUSE Bug 1228632",
"url": "https://bugzilla.suse.com/1228632"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12308 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12308/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28346 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41989 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41990 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41991 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42005/"
}
],
"title": "Security update for python-Django",
"tracking": {
"current_release_date": "2024-08-07T13:32:44Z",
"generator": {
"date": "2024-08-07T13:32:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2817-1",
"initial_release_date": "2024-08-07T13:32:44Z",
"revision_history": [
{
"date": "2024-08-07T13:32:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python3-Django-2.0.7-150000.1.27.1.noarch",
"product": {
"name": "python3-Django-2.0.7-150000.1.27.1.noarch",
"product_id": "python3-Django-2.0.7-150000.1.27.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Django-2.0.7-150000.1.27.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
},
"product_reference": "python3-Django-2.0.7-150000.1.27.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12308",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12308"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12308",
"url": "https://www.suse.com/security/cve/CVE-2019-12308"
},
{
"category": "external",
"summary": "SUSE Bug 1136468 for CVE-2019-12308",
"url": "https://bugzilla.suse.com/1136468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-07T13:32:44Z",
"details": "low"
}
],
"title": "CVE-2019-12308"
},
{
"cve": "CVE-2022-28346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28346"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28346",
"url": "https://www.suse.com/security/cve/CVE-2022-28346"
},
{
"category": "external",
"summary": "SUSE Bug 1198398 for CVE-2022-28346",
"url": "https://bugzilla.suse.com/1198398"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-07T13:32:44Z",
"details": "important"
}
],
"title": "CVE-2022-28346"
},
{
"cve": "CVE-2024-41989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41989"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41989",
"url": "https://www.suse.com/security/cve/CVE-2024-41989"
},
{
"category": "external",
"summary": "SUSE Bug 1228629 for CVE-2024-41989",
"url": "https://bugzilla.suse.com/1228629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-07T13:32:44Z",
"details": "important"
}
],
"title": "CVE-2024-41989"
},
{
"cve": "CVE-2024-41990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41990"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41990",
"url": "https://www.suse.com/security/cve/CVE-2024-41990"
},
{
"category": "external",
"summary": "SUSE Bug 1228630 for CVE-2024-41990",
"url": "https://bugzilla.suse.com/1228630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-07T13:32:44Z",
"details": "important"
}
],
"title": "CVE-2024-41990"
},
{
"cve": "CVE-2024-41991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41991"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41991",
"url": "https://www.suse.com/security/cve/CVE-2024-41991"
},
{
"category": "external",
"summary": "SUSE Bug 1228631 for CVE-2024-41991",
"url": "https://bugzilla.suse.com/1228631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-07T13:32:44Z",
"details": "important"
}
],
"title": "CVE-2024-41991"
},
{
"cve": "CVE-2024-42005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42005"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42005",
"url": "https://www.suse.com/security/cve/CVE-2024-42005"
},
{
"category": "external",
"summary": "SUSE Bug 1228632 for CVE-2024-42005",
"url": "https://bugzilla.suse.com/1228632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.27.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-07T13:32:44Z",
"details": "important"
}
],
"title": "CVE-2024-42005"
}
]
}
WID-SEC-W-2022-0439
Vulnerability from csaf_certbund - Published: 2022-06-22 22:00 - Updated: 2022-12-07 23:00Summary
Red Hat OpenStack: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat OpenStack ist eine Sammlung von Diensten, um Cloud-Computing in Form von Infrastructure as a Service (IaaS) bereitstellen zu können.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat OpenStack ausnutzen, um Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
- Sonstiges
Es existiert eine Schwachstelle in Red Hat OpenStack. Der Fehler besteht aufgrund einer unsachgemäßen Eingabevalidierung und ermöglicht die Existenz einer nicht verwalteten Regel auf dem Zielsystem, die den gleichen Kommentar wie die im Manifest angegebene Regel hat. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen und das System in einen unsicheren Zustand zu versetzen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
Es existiert eine Schwachstelle in Red Hat OpenStack. Der Fehler besteht aufgrund einer falschen Autorisierung in openstack-barbican. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Metadaten eines beliebigen Geheimnisses hinzuzufügen, zu ändern oder zu löschen, unabhängig vom Eigentümer.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
Es existiert eine Schwachstelle in Red Hat OpenStack. Der Fehler besteht aufgrund einer falschen Autorisierung in openstack-barbican. Ein entfernter, authentisierter Angreifer mit bestimmten Rechten kann diese Schwachstelle ausnutzen, um geschützte Ressourcen zu verbrauchen und einen Denial-of-Service-Zustand auszulösen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
Es existiert eine Schwachstelle in Red Hat OpenStack. Der Fehler besteht aufgrund einer unsachgemäßen Neutralisierung von speziellen Elementen, die in einem SQL-Befehl verwendet werden (SQL Injection). Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Daten zu manipulieren.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
References
12 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenStack ist eine Sammlung von Diensten, um Cloud-Computing in Form von Infrastructure as a Service (IaaS) bereitstellen zu k\u00f6nnen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat OpenStack ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren und einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0439 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0439.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0439 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0439"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8874 vom 2022-12-08",
"url": "https://access.redhat.com/errata/RHSA-2022:8874"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8869 vom 2022-12-08",
"url": "https://access.redhat.com/errata/RHSA-2022:8869"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-06-22",
"url": "https://access.redhat.com/errata/RHSA-2022:5114"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-06-22",
"url": "https://access.redhat.com/errata/RHSA-2022:5115"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-06-22",
"url": "https://access.redhat.com/errata/RHSA-2022:5116"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5498 vom 2022-07-05",
"url": "https://access.redhat.com/errata/RHSA-2022:5498"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5602 vom 2022-07-20",
"url": "https://access.redhat.com/errata/RHSA-2022:5602"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3339-1 vom 2022-09-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012331.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3338-1 vom 2022-09-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012332.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5254 vom 2022-10-15",
"url": "https://lists.debian.org/debian-security-announce/2022/msg00223.html"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenStack: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2022-12-07T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:29:08.933+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-0439",
"initial_release_date": "2022-06-22T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-06-22T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-07-05T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-07-19T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-09-22T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-10-16T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-12-07T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenStack \u003c 16.2.3",
"product": {
"name": "Red Hat OpenStack \u003c 16.2.3",
"product_id": "T023590",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2.3"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0675",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat OpenStack. Der Fehler besteht aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung und erm\u00f6glicht die Existenz einer nicht verwalteten Regel auf dem Zielsystem, die den gleichen Kommentar wie die im Manifest angegebene Regel hat. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen und das System in einen unsicheren Zustand zu versetzen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646"
]
},
"release_date": "2022-06-22T22:00:00.000+00:00",
"title": "CVE-2022-0675"
},
{
"cve": "CVE-2022-23451",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat OpenStack. Der Fehler besteht aufgrund einer falschen Autorisierung in openstack-barbican. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Metadaten eines beliebigen Geheimnisses hinzuzuf\u00fcgen, zu \u00e4ndern oder zu l\u00f6schen, unabh\u00e4ngig vom Eigent\u00fcmer."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646"
]
},
"release_date": "2022-06-22T22:00:00.000+00:00",
"title": "CVE-2022-23451"
},
{
"cve": "CVE-2022-23452",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat OpenStack. Der Fehler besteht aufgrund einer falschen Autorisierung in openstack-barbican. Ein entfernter, authentisierter Angreifer mit bestimmten Rechten kann diese Schwachstelle ausnutzen, um gesch\u00fctzte Ressourcen zu verbrauchen und einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646"
]
},
"release_date": "2022-06-22T22:00:00.000+00:00",
"title": "CVE-2022-23452"
},
{
"cve": "CVE-2022-28346",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat OpenStack. Der Fehler besteht aufgrund einer unsachgem\u00e4\u00dfen Neutralisierung von speziellen Elementen, die in einem SQL-Befehl verwendet werden (SQL Injection). Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Daten zu manipulieren."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646"
]
},
"release_date": "2022-06-22T22:00:00.000+00:00",
"title": "CVE-2022-28346"
}
]
}
WID-SEC-W-2022-1335
Vulnerability from csaf_certbund - Published: 2022-09-07 22:00 - Updated: 2023-05-18 22:00Summary
Xerox FreeFlow Print Server: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Betroffene Betriebssysteme: - Sonstiges
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FreeFlow-Druckserver ist eine Druckserveranwendung f\u00fcr Xerox-Produktionsdrucker, die Flexibilit\u00e4t, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1335 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1335.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1335 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1335"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX23-007 vom 2023-05-18",
"url": "https://security.business.xerox.com/wp-content/uploads/2023/05/Xerox-Security-Bulletin-XRX23-007-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX23-005 vom 2023-04-04",
"url": "https://security.business.xerox.com/wp-content/uploads/2023/04/Xerox-Security-Bulletin-XRX23-005-Xerox%25C2%25AE-FreeFlow%25C2%25AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "Xerox Security Bulletin XRX22-021 vom 2022-09-07",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2022/09/Xerox-Security-Bulletin-XRX22-021-FreeFlow-Print-Server-v9.pdf"
}
],
"source_lang": "en-US",
"title": "Xerox FreeFlow Print Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-05-18T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:34:44.234+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-1335",
"initial_release_date": "2022-09-07T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-09-07T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-04-03T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2023-05-18T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von XEROX aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Xerox FreeFlow Print Server 7",
"product": {
"name": "Xerox FreeFlow Print Server 7",
"product_id": "T000872",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:7"
}
}
},
{
"category": "product_name",
"name": "Xerox FreeFlow Print Server 9",
"product": {
"name": "Xerox FreeFlow Print Server 9",
"product_id": "T002977",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:9"
}
}
},
{
"category": "product_name",
"name": "Xerox FreeFlow Print Server v9",
"product": {
"name": "Xerox FreeFlow Print Server v9",
"product_id": "T015632",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25032",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2018-25032"
},
{
"cve": "CVE-2019-19906",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2019-19906"
},
{
"cve": "CVE-2020-0499",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2020-0499"
},
{
"cve": "CVE-2020-25717",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2020-25717"
},
{
"cve": "CVE-2020-29651",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2020-29651"
},
{
"cve": "CVE-2021-0561",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-0561"
},
{
"cve": "CVE-2021-21708",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-21708"
},
{
"cve": "CVE-2021-22946",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-22946"
},
{
"cve": "CVE-2021-25220",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-25220"
},
{
"cve": "CVE-2021-29923",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-29923"
},
{
"cve": "CVE-2021-30809",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30809"
},
{
"cve": "CVE-2021-30818",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30818"
},
{
"cve": "CVE-2021-30823",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30823"
},
{
"cve": "CVE-2021-30836",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30836"
},
{
"cve": "CVE-2021-30884",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30884"
},
{
"cve": "CVE-2021-30887",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30887"
},
{
"cve": "CVE-2021-30888",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30888"
},
{
"cve": "CVE-2021-30889",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30889"
},
{
"cve": "CVE-2021-30890",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30890"
},
{
"cve": "CVE-2021-30897",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30897"
},
{
"cve": "CVE-2021-30934",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30934"
},
{
"cve": "CVE-2021-30936",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30936"
},
{
"cve": "CVE-2021-30951",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30951"
},
{
"cve": "CVE-2021-30952",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30952"
},
{
"cve": "CVE-2021-30953",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30953"
},
{
"cve": "CVE-2021-30954",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30954"
},
{
"cve": "CVE-2021-30984",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-30984"
},
{
"cve": "CVE-2021-3448",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-3448"
},
{
"cve": "CVE-2021-34558",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-34558"
},
{
"cve": "CVE-2021-36221",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-36221"
},
{
"cve": "CVE-2021-4115",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-4115"
},
{
"cve": "CVE-2021-4136",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-4136"
},
{
"cve": "CVE-2021-4166",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-4166"
},
{
"cve": "CVE-2021-4173",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-4173"
},
{
"cve": "CVE-2021-41771",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-41771"
},
{
"cve": "CVE-2021-41772",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-41772"
},
{
"cve": "CVE-2021-4187",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-4187"
},
{
"cve": "CVE-2021-4192",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-4192"
},
{
"cve": "CVE-2021-4193",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-4193"
},
{
"cve": "CVE-2021-4217",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-4217"
},
{
"cve": "CVE-2021-43519",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-43519"
},
{
"cve": "CVE-2021-43566",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-43566"
},
{
"cve": "CVE-2021-44142",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-44142"
},
{
"cve": "CVE-2021-45444",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-45444"
},
{
"cve": "CVE-2021-45481",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-45481"
},
{
"cve": "CVE-2021-45482",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-45482"
},
{
"cve": "CVE-2021-45483",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-45483"
},
{
"cve": "CVE-2021-45960",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-45960"
},
{
"cve": "CVE-2021-46143",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2021-46143"
},
{
"cve": "CVE-2022-0128",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0128"
},
{
"cve": "CVE-2022-0156",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0156"
},
{
"cve": "CVE-2022-0158",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0158"
},
{
"cve": "CVE-2022-0261",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0261"
},
{
"cve": "CVE-2022-0318",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0318"
},
{
"cve": "CVE-2022-0319",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0319"
},
{
"cve": "CVE-2022-0336",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0336"
},
{
"cve": "CVE-2022-0391",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0391"
},
{
"cve": "CVE-2022-0408",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0408"
},
{
"cve": "CVE-2022-0413",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0413"
},
{
"cve": "CVE-2022-0417",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0417"
},
{
"cve": "CVE-2022-0443",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0443"
},
{
"cve": "CVE-2022-0554",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0554"
},
{
"cve": "CVE-2022-0566",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0566"
},
{
"cve": "CVE-2022-0572",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0572"
},
{
"cve": "CVE-2022-0629",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0629"
},
{
"cve": "CVE-2022-0685",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0685"
},
{
"cve": "CVE-2022-0696",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0696"
},
{
"cve": "CVE-2022-0714",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0714"
},
{
"cve": "CVE-2022-0729",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0729"
},
{
"cve": "CVE-2022-0778",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-0778"
},
{
"cve": "CVE-2022-1097",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-1097"
},
{
"cve": "CVE-2022-1196",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-1196"
},
{
"cve": "CVE-2022-1197",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-1197"
},
{
"cve": "CVE-2022-1271",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-1271"
},
{
"cve": "CVE-2022-1520",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-1520"
},
{
"cve": "CVE-2022-1834",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-1834"
},
{
"cve": "CVE-2022-21245",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21245"
},
{
"cve": "CVE-2022-21270",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21270"
},
{
"cve": "CVE-2022-21291",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21291"
},
{
"cve": "CVE-2022-21303",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21303"
},
{
"cve": "CVE-2022-21304",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21304"
},
{
"cve": "CVE-2022-21344",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21344"
},
{
"cve": "CVE-2022-21349",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21349"
},
{
"cve": "CVE-2022-21367",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21367"
},
{
"cve": "CVE-2022-21426",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21426"
},
{
"cve": "CVE-2022-21434",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21434"
},
{
"cve": "CVE-2022-21443",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21443"
},
{
"cve": "CVE-2022-21449",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21449"
},
{
"cve": "CVE-2022-21476",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21476"
},
{
"cve": "CVE-2022-21493",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21493"
},
{
"cve": "CVE-2022-21494",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21494"
},
{
"cve": "CVE-2022-21496",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21496"
},
{
"cve": "CVE-2022-21514",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21514"
},
{
"cve": "CVE-2022-21524",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21524"
},
{
"cve": "CVE-2022-21533",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21533"
},
{
"cve": "CVE-2022-21712",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21712"
},
{
"cve": "CVE-2022-21716",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-21716"
},
{
"cve": "CVE-2022-22589",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-22589"
},
{
"cve": "CVE-2022-22590",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-22590"
},
{
"cve": "CVE-2022-22592",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-22592"
},
{
"cve": "CVE-2022-22620",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-22620"
},
{
"cve": "CVE-2022-22719",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-22719"
},
{
"cve": "CVE-2022-22720",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-22720"
},
{
"cve": "CVE-2022-22721",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-22721"
},
{
"cve": "CVE-2022-22818",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-22818"
},
{
"cve": "CVE-2022-22822",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-22822"
},
{
"cve": "CVE-2022-22823",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-22823"
},
{
"cve": "CVE-2022-22824",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-22824"
},
{
"cve": "CVE-2022-22825",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-22825"
},
{
"cve": "CVE-2022-22826",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-22826"
},
{
"cve": "CVE-2022-22827",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-22827"
},
{
"cve": "CVE-2022-23308",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-23308"
},
{
"cve": "CVE-2022-23772",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-23806"
},
{
"cve": "CVE-2022-23833",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-23833"
},
{
"cve": "CVE-2022-23852",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-23852"
},
{
"cve": "CVE-2022-23943",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-23943"
},
{
"cve": "CVE-2022-23990",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-23990"
},
{
"cve": "CVE-2022-24130",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-24130"
},
{
"cve": "CVE-2022-24407",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-24407"
},
{
"cve": "CVE-2022-24675",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-24675"
},
{
"cve": "CVE-2022-24713",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-24713"
},
{
"cve": "CVE-2022-24801",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-24801"
},
{
"cve": "CVE-2022-25235",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-25235"
},
{
"cve": "CVE-2022-25236",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-25236"
},
{
"cve": "CVE-2022-25313",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-25313"
},
{
"cve": "CVE-2022-25314",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-25314"
},
{
"cve": "CVE-2022-25315",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-25315"
},
{
"cve": "CVE-2022-25762",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-25762"
},
{
"cve": "CVE-2022-26381",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-26381"
},
{
"cve": "CVE-2022-26383",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-26383"
},
{
"cve": "CVE-2022-26384",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-26384"
},
{
"cve": "CVE-2022-26386",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-26386"
},
{
"cve": "CVE-2022-26387",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-26387"
},
{
"cve": "CVE-2022-26485",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-26485"
},
{
"cve": "CVE-2022-26486",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-26486"
},
{
"cve": "CVE-2022-28281",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-28281"
},
{
"cve": "CVE-2022-28282",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-28282"
},
{
"cve": "CVE-2022-28285",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-28285"
},
{
"cve": "CVE-2022-28286",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-28286"
},
{
"cve": "CVE-2022-28289",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-28289"
},
{
"cve": "CVE-2022-28327",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-28327"
},
{
"cve": "CVE-2022-28346",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-28346"
},
{
"cve": "CVE-2022-28347",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-28347"
},
{
"cve": "CVE-2022-29824",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-29824"
},
{
"cve": "CVE-2022-29909",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-29909"
},
{
"cve": "CVE-2022-29911",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-29911"
},
{
"cve": "CVE-2022-29912",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-29912"
},
{
"cve": "CVE-2022-29913",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-29913"
},
{
"cve": "CVE-2022-29914",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-29914"
},
{
"cve": "CVE-2022-29916",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-29916"
},
{
"cve": "CVE-2022-29917",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-29917"
},
{
"cve": "CVE-2022-31736",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-31736"
},
{
"cve": "CVE-2022-31737",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-31737"
},
{
"cve": "CVE-2022-31738",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-31738"
},
{
"cve": "CVE-2022-31739",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-31739"
},
{
"cve": "CVE-2022-3174",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-3174"
},
{
"cve": "CVE-2022-31740",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-31740"
},
{
"cve": "CVE-2022-31741",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-31741"
},
{
"cve": "CVE-2022-31742",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-31742"
},
{
"cve": "CVE-2022-31747",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-31747"
},
{
"cve": "CVE-2022-4187",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T000872",
"T015632",
"T002977"
]
},
"release_date": "2022-09-07T22:00:00.000+00:00",
"title": "CVE-2022-4187"
}
]
}
WID-SEC-W-2022-2265
Vulnerability from csaf_certbund - Published: 2022-12-07 23:00 - Updated: 2025-05-18 22:00Summary
Red Hat OpenStack: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat OpenStack ist eine Sammlung von Diensten, um Cloud-Computing in Form von Infrastructure as a Service (IaaS) bereitstellen zu können.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenStack ausnutzen, um die Verfügbarkeit, Vertraulichkeit und Integrität zu gefährden.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat OpenStack <16.1.9
Red Hat / OpenStack
|
<16.1.9 | ||
|
Red Hat OpenStack <16.2.4
Red Hat / OpenStack
|
<16.2.4 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat OpenStack <16.1.9
Red Hat / OpenStack
|
<16.1.9 | ||
|
Red Hat OpenStack <16.2.4
Red Hat / OpenStack
|
<16.2.4 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat OpenStack <16.1.9
Red Hat / OpenStack
|
<16.1.9 | ||
|
Red Hat OpenStack <16.2.4
Red Hat / OpenStack
|
<16.2.4 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat OpenStack <16.1.9
Red Hat / OpenStack
|
<16.1.9 | ||
|
Red Hat OpenStack <16.2.4
Red Hat / OpenStack
|
<16.2.4 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat OpenStack <16.1.9
Red Hat / OpenStack
|
<16.1.9 | ||
|
Red Hat OpenStack <16.2.4
Red Hat / OpenStack
|
<16.2.4 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat OpenStack <16.1.9
Red Hat / OpenStack
|
<16.1.9 | ||
|
Red Hat OpenStack <16.2.4
Red Hat / OpenStack
|
<16.2.4 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat OpenStack <16.1.9
Red Hat / OpenStack
|
<16.1.9 | ||
|
Red Hat OpenStack <16.2.4
Red Hat / OpenStack
|
<16.2.4 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat OpenStack <16.1.9
Red Hat / OpenStack
|
<16.1.9 | ||
|
Red Hat OpenStack <16.2.4
Red Hat / OpenStack
|
<16.2.4 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat OpenStack <16.1.9
Red Hat / OpenStack
|
<16.1.9 | ||
|
Red Hat OpenStack <16.2.4
Red Hat / OpenStack
|
<16.2.4 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat OpenStack <16.1.9
Red Hat / OpenStack
|
<16.1.9 | ||
|
Red Hat OpenStack <16.2.4
Red Hat / OpenStack
|
<16.2.4 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
References
21 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenStack ist eine Sammlung von Diensten, um Cloud-Computing in Form von Infrastructure as a Service (IaaS) bereitstellen zu k\u00f6nnen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenStack ausnutzen, um die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2265 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2265.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2265 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2265"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2022-12-07",
"url": "https://access.redhat.com/errata/RHSA-2022:8846"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2022-12-07",
"url": "https://access.redhat.com/errata/RHSA-2022:8862"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2022-12-07",
"url": "https://access.redhat.com/errata/RHSA-2022:8850"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2022-12-07",
"url": "https://access.redhat.com/errata/RHSA-2022:8864"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2022-12-07",
"url": "https://access.redhat.com/errata/RHSA-2022:8853"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2022-12-07",
"url": "https://access.redhat.com/errata/RHSA-2022:8872"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2022-12-07",
"url": "https://access.redhat.com/errata/RHSA-2022:8855"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2022-12-07",
"url": "https://access.redhat.com/errata/RHSA-2022:8870"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2022-12-07",
"url": "https://access.redhat.com/errata/RHSA-2022:8854"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2022-12-07",
"url": "https://access.redhat.com/errata/RHSA-2022:8868"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2022-12-07",
"url": "https://access.redhat.com/errata/RHSA-2022:8857"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0275 vom 2023-01-25",
"url": "https://access.redhat.com/errata/RHSA-2023:0275"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0276 vom 2023-01-25",
"url": "https://access.redhat.com/errata/RHSA-2023:0276"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6059-1 vom 2023-05-08",
"url": "https://ubuntu.com/security/notices/USN-6059-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6067-1 vom 2023-05-10",
"url": "https://ubuntu.com/security/notices/USN-6067-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4283 vom 2023-07-26",
"url": "https://access.redhat.com/errata/RHSA-2023:4283"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASEMR-PUPPET-2023-001 vom 2023-09-27",
"url": "https://alas.aws.amazon.com/AL2/ALASEMR-PUPPET-2023-001.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6629-3 vom 2024-02-15",
"url": "https://ubuntu.com/security/notices/USN-6629-3"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15107-1 vom 2025-05-18",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KL3RUIUL44VPVSZZRZRL4FQDR4CDAGSW/"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenStack: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-18T22:00:00.000+00:00",
"generator": {
"date": "2025-05-19T08:27:34.227+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-2265",
"initial_release_date": "2022-12-07T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-12-07T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-01-25T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-05-07T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-05-10T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-07-26T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-07-31T22:00:00.000+00:00",
"number": "6",
"summary": "CVE\u0027s erg\u00e4nzt"
},
{
"date": "2023-09-27T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-02-14T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-18T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c16.2.4",
"product": {
"name": "Red Hat OpenStack \u003c16.2.4",
"product_id": "T025520"
}
},
{
"category": "product_version",
"name": "16.2.4",
"product": {
"name": "Red Hat OpenStack 16.2.4",
"product_id": "T025520-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c16.1.9",
"product": {
"name": "Red Hat OpenStack \u003c16.1.9",
"product_id": "T025521"
}
},
{
"category": "product_version",
"name": "16.1.9",
"product": {
"name": "Red Hat OpenStack 16.1.9",
"product_id": "T025521-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.1.9"
}
}
}
],
"category": "product_name",
"name": "OpenStack"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27025",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T027843",
"T025521",
"T025520",
"398363"
]
},
"release_date": "2022-12-07T23:00:00.000+00:00",
"title": "CVE-2021-27025"
},
{
"cve": "CVE-2022-22818",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T027843",
"T025521",
"T025520",
"398363"
]
},
"release_date": "2022-12-07T23:00:00.000+00:00",
"title": "CVE-2022-22818"
},
{
"cve": "CVE-2022-23833",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T027843",
"T025521",
"T025520",
"398363"
]
},
"release_date": "2022-12-07T23:00:00.000+00:00",
"title": "CVE-2022-23833"
},
{
"cve": "CVE-2022-28346",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T027843",
"T025521",
"T025520",
"398363"
]
},
"release_date": "2022-12-07T23:00:00.000+00:00",
"title": "CVE-2022-28346"
},
{
"cve": "CVE-2022-2996",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T027843",
"T025521",
"T025520",
"398363"
]
},
"release_date": "2022-12-07T23:00:00.000+00:00",
"title": "CVE-2022-2996"
},
{
"cve": "CVE-2022-31116",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T027843",
"T025521",
"T025520",
"398363"
]
},
"release_date": "2022-12-07T23:00:00.000+00:00",
"title": "CVE-2022-31116"
},
{
"cve": "CVE-2022-31117",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T027843",
"T025521",
"T025520",
"398363"
]
},
"release_date": "2022-12-07T23:00:00.000+00:00",
"title": "CVE-2022-31117"
},
{
"cve": "CVE-2022-3277",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T027843",
"T025521",
"T025520",
"398363"
]
},
"release_date": "2022-12-07T23:00:00.000+00:00",
"title": "CVE-2022-3277"
},
{
"cve": "CVE-2022-37026",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T027843",
"T025521",
"T025520",
"398363"
]
},
"release_date": "2022-12-07T23:00:00.000+00:00",
"title": "CVE-2022-37026"
},
{
"cve": "CVE-2023-3637",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T027843",
"T025521",
"T025520",
"398363"
]
},
"release_date": "2022-12-07T23:00:00.000+00:00",
"title": "CVE-2023-3637"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…