Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-45142 (GCVE-0-2023-45142)
Vulnerability from cvelistv5 – Published: 2023-10-12 16:33 – Updated: 2025-02-13 17:13
VLAI
EPSS
Title
OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics
Summary
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.
Severity
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://github.com/open-telemetry/opentelemetry-g… | x_refsource_CONFIRM |
| https://github.com/open-telemetry/opentelemetry-g… | x_refsource_MISC |
| https://github.com/open-telemetry/opentelemetry-g… | x_refsource_MISC |
| https://github.com/advisories/GHSA-cg3q-j54f-5p7p | x_refsource_MISC |
| https://github.com/open-telemetry/opentelemetry-g… | x_refsource_MISC |
| https://github.com/open-telemetry/opentelemetry-g… | x_refsource_MISC |
| https://github.com/open-telemetry/opentelemetry-g… | x_refsource_MISC |
| https://github.com/open-telemetry/opentelemetry-g… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| open-telemetry | opentelemetry-go-contrib |
Affected:
< 0.44.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277"
},
{
"name": "https://github.com/advisories/GHSA-cg3q-j54f-5p7p",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-cg3q-j54f-5p7p"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTRJ54INZG3OC2FTAN6AFB2RYNY2GAD/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "opentelemetry-go-contrib",
"vendor": "open-telemetry",
"versions": [
{
"status": "affected",
"version": "\u003c 0.44.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-19T03:06:08.734Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277"
},
{
"name": "https://github.com/advisories/GHSA-cg3q-j54f-5p7p",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/advisories/GHSA-cg3q-j54f-5p7p"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTRJ54INZG3OC2FTAN6AFB2RYNY2GAD/"
}
],
"source": {
"advisory": "GHSA-rcjv-mgp8-qvmr",
"discovery": "UNKNOWN"
},
"title": "OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45142",
"datePublished": "2023-10-12T16:33:21.435Z",
"dateReserved": "2023-10-04T16:02:46.330Z",
"dateUpdated": "2025-02-13T17:13:49.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-45142",
"date": "2026-06-15",
"epss": "0.01364",
"percentile": "0.68091"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:opentelemetry:opentelemetry:*:*:*:*:*:go:*:*\", \"versionEndExcluding\": \"0.44.0\", \"matchCriteriaId\": \"2E7726FA-0421-40C6-B36B-3B6618D81880\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.\"}, {\"lang\": \"es\", \"value\": \"OpenTelemetry-Go Contrib es una colecci\\u00f3n de paquetes de terceros para OpenTelemetry-Go. Un contenedor de controlador listo para usar agrega etiquetas `http.user_agent` y `http.method` que tienen cardinalidad independiente. Conduce al posible agotamiento de la memoria del servidor cuando se le env\\u00edan muchas solicitudes maliciosas. Un atacante puede configurar f\\u00e1cilmente el encabezado HTTP User-Agent o el m\\u00e9todo HTTP para solicitudes para que sea aleatorio y largo. La librer\\u00eda utiliza internamente `httpconv.ServerRequest` que registra cada valor para el `method` HTTP y el `User-Agent`. Para verse afectado, un programa debe utilizar el contenedor `otelhttp.NewHandler` y no filtrar ning\\u00fan m\\u00e9todo HTTP desconocido o agentes de usuario en el nivel de CDN, LB, middleware anterior, etc. La versi\\u00f3n 0.44.0 solucion\\u00f3 este problema cuando el Los valores recopilados para el atributo `http.request.method` se cambiaron para restringirlos a un conjunto de valores conocidos y se eliminaron otros atributos de alta cardinalidad. Como workaround para dejar de verse afectado, se puede utilizar `otelhttp.WithFilter()`, pero requiere una configuraci\\u00f3n manual cuidadosa para no registrar ciertas solicitudes por completo. Para mayor comodidad y uso seguro de esta librer\\u00eda, deber\\u00eda marcar de forma predeterminada con la etiqueta \\\"unknown\\\" los m\\u00e9todos HTTP no est\\u00e1ndar y los agentes de usuario para mostrar que dichas solicitudes se realizaron pero no aumentan la cardinalidad. En caso de que alguien quiera seguir con el comportamiento actual, la API de la librer\\u00eda deber\\u00eda permitir habilitarlo.\"}]",
"id": "CVE-2023-45142",
"lastModified": "2024-11-21T08:26:25.920",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-10-12T17:15:09.990",
"references": "[{\"url\": \"https://github.com/advisories/GHSA-cg3q-j54f-5p7p\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTRJ54INZG3OC2FTAN6AFB2RYNY2GAD/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/advisories/GHSA-cg3q-j54f-5p7p\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTRJ54INZG3OC2FTAN6AFB2RYNY2GAD/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-45142\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-10-12T17:15:09.990\",\"lastModified\":\"2024-11-21T08:26:25.920\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.\"},{\"lang\":\"es\",\"value\":\"OpenTelemetry-Go Contrib es una colecci\u00f3n de paquetes de terceros para OpenTelemetry-Go. Un contenedor de controlador listo para usar agrega etiquetas `http.user_agent` y `http.method` que tienen cardinalidad independiente. Conduce al posible agotamiento de la memoria del servidor cuando se le env\u00edan muchas solicitudes maliciosas. Un atacante puede configurar f\u00e1cilmente el encabezado HTTP User-Agent o el m\u00e9todo HTTP para solicitudes para que sea aleatorio y largo. La librer\u00eda utiliza internamente `httpconv.ServerRequest` que registra cada valor para el `method` HTTP y el `User-Agent`. Para verse afectado, un programa debe utilizar el contenedor `otelhttp.NewHandler` y no filtrar ning\u00fan m\u00e9todo HTTP desconocido o agentes de usuario en el nivel de CDN, LB, middleware anterior, etc. La versi\u00f3n 0.44.0 solucion\u00f3 este problema cuando el Los valores recopilados para el atributo `http.request.method` se cambiaron para restringirlos a un conjunto de valores conocidos y se eliminaron otros atributos de alta cardinalidad. Como workaround para dejar de verse afectado, se puede utilizar `otelhttp.WithFilter()`, pero requiere una configuraci\u00f3n manual cuidadosa para no registrar ciertas solicitudes por completo. Para mayor comodidad y uso seguro de esta librer\u00eda, deber\u00eda marcar de forma predeterminada con la etiqueta \\\"unknown\\\" los m\u00e9todos HTTP no est\u00e1ndar y los agentes de usuario para mostrar que dichas solicitudes se realizaron pero no aumentan la cardinalidad. En caso de que alguien quiera seguir con el comportamiento actual, la API de la librer\u00eda deber\u00eda permitir habilitarlo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opentelemetry:opentelemetry:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.44.0\",\"matchCriteriaId\":\"2E7726FA-0421-40C6-B36B-3B6618D81880\"}]}]}],\"references\":[{\"url\":\"https://github.com/advisories/GHSA-cg3q-j54f-5p7p\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTRJ54INZG3OC2FTAN6AFB2RYNY2GAD/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/advisories/GHSA-cg3q-j54f-5p7p\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTRJ54INZG3OC2FTAN6AFB2RYNY2GAD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
SUSE-SU-2024:3288-1
Vulnerability from csaf_suse - Published: 2024-09-17 07:48 - Updated: 2024-09-17 07:48Summary
Security update for golang-github-prometheus-prometheus
Severity
Important
Notes
Title of the patch: Security update for golang-github-prometheus-prometheus
Description of the patch: This update for golang-github-prometheus-prometheus fixes the following issues:
- Require Go > 1.20 for building
- Bump go-retryablehttp to version 0.7.7
(CVE-2024-6104, bsc#1227038)
- Migrate from `disabled` to `manual` service mode
- Add0003-Bump-go-retryablehttp.patch
- Update to 2.45.6 (jsc#PED-3577):
* Security fixes in dependencies
- Update to 2.45.5:
* [BUGFIX] tsdb/agent: ensure that new series get written to WAL
on rollback.
* [BUGFIX] Remote write: Avoid a race condition when applying
configuration.
- Update to 2.45.4:
* [BUGFIX] Remote read: Release querier resources before encoding
the results.
- Update to 2.45.3:
* Security fixes in dependencies
* [BUGFIX] TSDB: Remove double memory snapshot on shutdown.
- Update to 2.45.2:
* Security fixes in dependencies
* [SECURITY] Updated otelhttp to version 0.46.1
(CVE-2023-45142, bsc#1228556)
* [BUGFIX] TSDB: Fix PostingsForMatchers race with creating new
series.
- Update to 2.45.1:
* [ENHANCEMENT] Hetzner SD: Support larger ID's that will be used
by Hetzner in September.
* [BUGFIX] Linode SD: Cast InstanceSpec values to int64 to avoid
overflows on 386 architecture.
* [BUGFIX] TSDB: Handle TOC parsing failures.
- update to 2.45.0 (jsc#PED-5406):
* [FEATURE] API: New limit parameter to limit the number of items
returned by `/api/v1/status/tsdb` endpoint.
* [FEATURE] Config: Add limits to global config.
* [FEATURE] Consul SD: Added support for `path_prefix`.
* [FEATURE] Native histograms: Add option to scrape both classic
and native histograms.
* [FEATURE] Native histograms: Added support for two more
arithmetic operators `avg_over_time` and `sum_over_time`.
* [FEATURE] Promtool: When providing the block id, only one block
will be loaded and analyzed.
* [FEATURE] Remote-write: New Azure ad configuration to support
remote writing directly to Azure Monitor workspace.
* [FEATURE] TSDB: Samples per chunk are now configurable with
flag `storage.tsdb.samples-per-chunk`. By default set to its
former value 120.
* [ENHANCEMENT] Native histograms: bucket size can now be limited
to avoid scrape fails.
* [ENHANCEMENT] TSDB: Dropped series are now deleted from the WAL
sooner.
* [BUGFIX] Native histograms: ChunkSeries iterator now checks if
a new sample can be appended to the open chunk.
* [BUGFIX] Native histograms: Fix Histogram Appender
`Appendable()` segfault.
* [BUGFIX] Native histograms: Fix setting reset header to gauge
histograms in seriesToChunkEncoder.
* [BUGFIX] TSDB: Tombstone intervals are not modified after Get()
call.
* [BUGFIX] TSDB: Use path/filepath to set the WAL directory.
- update to 2.44.0:
* [FEATURE] Remote-read: Handle native histograms.
* [FEATURE] Promtool: Health and readiness check of prometheus
server in CLI.
* [FEATURE] PromQL: Add `query_samples_total` metric, the total
number of samples loaded by all queries.
* [ENHANCEMENT] Storage: Optimise buffer used to iterate through
samples.
* [ENHANCEMENT] Scrape: Reduce memory allocations on target
labels.
* [ENHANCEMENT] PromQL: Use faster heap method for `topk()` /
`bottomk()`.
* [ENHANCEMENT] Rules API: Allow filtering by rule name.
* [ENHANCEMENT] Native Histograms: Various fixes and
improvements.
* [ENHANCEMENT] UI: Search of scraping pools is now
case-insensitive.
* [ENHANCEMENT] TSDB: Add an affirmative log message for
successful WAL repair.
* [BUGFIX] TSDB: Block compaction failed when shutting down.
* [BUGFIX] TSDB: Out-of-order chunks could be ignored if the
write-behind log was deleted.
- rebase patch 0001-Do-not-force-the-pure-Go-name-resolver.patch
onto v2.44.0
- update to 2.43.1
* [BUGFIX] Labels: Set() after Del() would be ignored, which
broke some relabeling rules.
- update to 2.43.0:
* [FEATURE] Promtool: Add HTTP client configuration to query
commands.
* [FEATURE] Scrape: Add `include_scrape_configs` to include
scrape configs from different files.
* [FEATURE] HTTP client: Add `no_proxy` to exclude URLs from
proxied requests.
* [FEATURE] HTTP client: Add `proxy_from_enviroment` to read
proxies from env variables.
* [ENHANCEMENT] API: Add support for setting lookback delta per
query via the API.
* [ENHANCEMENT] API: Change HTTP status code from 503/422 to 499
if a request is canceled.
* [ENHANCEMENT] Scrape: Allow exemplars for all metric types.
* [ENHANCEMENT] TSDB: Add metrics for head chunks and WAL folders
size.
* [ENHANCEMENT] TSDB: Automatically remove incorrect snapshot
with index that is ahead of WAL.
* [ENHANCEMENT] TSDB: Improve Prometheus parser error outputs to
be more comprehensible.
* [ENHANCEMENT] UI: Scope `group by` labels to metric in
autocompletion.
* [BUGFIX] Scrape: Fix
`prometheus_target_scrape_pool_target_limit` metric not set
before reloading.
* [BUGFIX] TSDB: Correctly update
`prometheus_tsdb_head_chunks_removed_total` and
`prometheus_tsdb_head_chunks` metrics when reading WAL.
* [BUGFIX] TSDB: Use the correct unit (seconds) when recording
out-of-order append deltas in the
`prometheus_tsdb_sample_ooo_delta` metric.
- update to 2.42.0:
This release comes with a bunch of feature coverage for native
histograms and breaking changes.
If you are trying native histograms already, we recommend you
remove the `wal` directory when upgrading.
Because the old WAL record for native histograms is not
backward compatible in v2.42.0, this will lead to some data
loss for the latest data.
Additionally, if you scrape 'float histograms' or use recording
rules on native histograms in v2.42.0 (which writes float
histograms), it is a one-way street since older versions do not
support float histograms.
* [CHANGE] **breaking** TSDB: Changed WAL record format for the
experimental native histograms.
* [FEATURE] Add 'keep_firing_for' field to alerting rules.
* [FEATURE] Promtool: Add support of selecting timeseries for
TSDB dump.
* [ENHANCEMENT] Agent: Native histogram support.
* [ENHANCEMENT] Rules: Support native histograms in recording
rules.
* [ENHANCEMENT] SD: Add container ID as a meta label for pod
targets for Kubernetes.
* [ENHANCEMENT] SD: Add VM size label to azure service
discovery.
* [ENHANCEMENT] Support native histograms in federation.
* [ENHANCEMENT] TSDB: Add gauge histogram support.
* [ENHANCEMENT] TSDB/Scrape: Support FloatHistogram that
represents buckets as float64 values.
* [ENHANCEMENT] UI: Show individual scrape pools on /targets
page.
- update to 2.41.0:
* [FEATURE] Relabeling: Add keepequal and dropequal relabel
actions.
* [FEATURE] Add support for HTTP proxy headers.
* [ENHANCEMENT] Reload private certificates when changed on disk.
* [ENHANCEMENT] Add max_version to specify maximum TLS version in
tls_config.
* [ENHANCEMENT] Add goos and goarch labels to
prometheus_build_info.
* [ENHANCEMENT] SD: Add proxy support for EC2 and LightSail SDs.
* [ENHANCEMENT] SD: Add new metric
prometheus_sd_file_watcher_errors_total.
* [ENHANCEMENT] Remote Read: Use a pool to speed up marshalling.
* [ENHANCEMENT] TSDB: Improve handling of tombstoned chunks in
iterators.
* [ENHANCEMENT] TSDB: Optimize postings offset table reading.
* [BUGFIX] Scrape: Validate the metric name, label names, and
label values after relabeling.
* [BUGFIX] Remote Write receiver and rule manager: Fix error
handling.
- update to 2.40.7:
* [BUGFIX] TSDB: Fix queries involving negative buckets of native
histograms.
- update to 2.40.5:
* [BUGFIX] TSDB: Fix queries involving native histograms due to
improper reset of iterators.
- update to 2.40.3:
* [BUGFIX] TSDB: Fix compaction after a deletion is called.
- update to 2.40.2:
* [BUGFIX] UI: Fix black-on-black metric name color in dark mode.
- update to 2.40.1:
* [BUGFIX] TSDB: Fix alignment for atomic int64 for 32 bit
architecture.
* [BUGFIX] Scrape: Fix accept headers.
- update to 2.40.0:
* [FEATURE] Add experimental support for native histograms.
Enable with the flag --enable-feature=native-histograms.
* [FEATURE] SD: Add service discovery for OVHcloud.
* [ENHANCEMENT] Kubernetes SD: Use protobuf encoding.
* [ENHANCEMENT] TSDB: Use golang.org/x/exp/slices for improved
sorting speed.
* [ENHANCEMENT] Consul SD: Add enterprise admin partitions. Adds
__meta_consul_partition label. Adds partition config in
consul_sd_config.
* [BUGFIX] API: Fix API error codes for /api/v1/labels and
/api/v1/series.
- update to 2.39.1:
* [BUGFIX] Rules: Fix notifier relabel changing the labels on
active alerts.
- update to 2.39.0:
* [FEATURE] experimental TSDB: Add support for ingesting
out-of-order samples. This is configured via
out_of_order_time_window field in the config file; check config
file docs for more info.
* [ENHANCEMENT] API: /-/healthy and /-/ready API calls now also
respond to a HEAD request on top of existing GET support.
* [ENHANCEMENT] PuppetDB SD: Add __meta_puppetdb_query label.
* [ENHANCEMENT] AWS EC2 SD: Add __meta_ec2_region label.
* [ENHANCEMENT] AWS Lightsail SD: Add __meta_lightsail_region
label.
* [ENHANCEMENT] Scrape: Optimise relabeling by re-using memory.
* [ENHANCEMENT] TSDB: Improve WAL replay timings.
* [ENHANCEMENT] TSDB: Optimise memory by not storing unnecessary
data in the memory.
* [ENHANCEMENT] TSDB: Allow overlapping blocks by default.
--storage.tsdb.allow-overlapping-blocks now has no effect.
* [ENHANCEMENT] UI: Click to copy label-value pair from query
result to clipboard.
* [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a
memory leak.
* [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus
startup.
* [BUGFIX] PromQL: Properly close file descriptor when logging
unfinished queries.
* [BUGFIX] Agent: Fix validation of flag options and prevent WAL
from growing more than desired.
- update to 2.38.0:
* [FEATURE]: Web: Add a /api/v1/format_query HTTP API endpoint
that allows pretty-formatting PromQL expressions.
* [FEATURE]: UI: Add support for formatting PromQL expressions in
the UI.
* [FEATURE]: DNS SD: Support MX records for discovering targets.
* [FEATURE]: Templates: Add toTime() template function that
allows converting sample timestamps to Go time.Time values.
* [ENHANCEMENT]: Kubernetes SD: Add
__meta_kubernetes_service_port_number meta label indicating the
service port number.
* [ENHANCEMENT]: Kubernetes SD: Add
__meta_kubernetes_pod_container_image meta label indicating the
container image.
* [ENHANCEMENT]: PromQL: When a query panics, also log the query
itself alongside the panic message.
* [ENHANCEMENT]: UI: Tweak colors in the dark theme to improve
the contrast ratio.
* [ENHANCEMENT]: Web: Speed up calls to /api/v1/rules by avoiding
locks and using atomic types instead.
* [ENHANCEMENT]: Scrape: Add a no-default-scrape-port feature
flag, which omits or removes any default HTTP (:80) or HTTPS
(:443) ports in the target's scrape address.
* [BUGFIX]: TSDB: In the WAL watcher metrics, expose the
type='exemplar' label instead of type='unknown' for exemplar
records.
* [BUGFIX]: TSDB: Fix race condition around allocating series IDs
during chunk snapshot loading.
- Remove npm_licenses.tar.bz2 during 'make clean'
- Remove web-ui archives during 'make clean'.
* [SECURITY] CVE-2022-41715: Limit memory used by parsing regexps
(bsc#1204023).
- Fix uncontrolled resource consumption by updating Go to version
1.20.1 (CVE-2022-41723, bsc#1208298)
Patchnames: SUSE-2024-3288,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3288,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3288,SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-3288,openSUSE-SLE-15.5-2024-3288,openSUSE-SLE-15.6-2024-3288
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.2 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for golang-github-prometheus-prometheus",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for golang-github-prometheus-prometheus fixes the following issues:\n\n- Require Go \u003e 1.20 for building\n\n- Bump go-retryablehttp to version 0.7.7\n (CVE-2024-6104, bsc#1227038)\n- Migrate from `disabled` to `manual` service mode\n- Add0003-Bump-go-retryablehttp.patch\n- Update to 2.45.6 (jsc#PED-3577):\n * Security fixes in dependencies\n- Update to 2.45.5:\n * [BUGFIX] tsdb/agent: ensure that new series get written to WAL\n on rollback.\n * [BUGFIX] Remote write: Avoid a race condition when applying\n configuration.\n- Update to 2.45.4:\n * [BUGFIX] Remote read: Release querier resources before encoding\n the results.\n- Update to 2.45.3:\n * Security fixes in dependencies\n * [BUGFIX] TSDB: Remove double memory snapshot on shutdown.\n- Update to 2.45.2:\n * Security fixes in dependencies\n * [SECURITY] Updated otelhttp to version 0.46.1\n (CVE-2023-45142, bsc#1228556)\n * [BUGFIX] TSDB: Fix PostingsForMatchers race with creating new\n series.\n- Update to 2.45.1:\n * [ENHANCEMENT] Hetzner SD: Support larger ID\u0027s that will be used\n by Hetzner in September.\n * [BUGFIX] Linode SD: Cast InstanceSpec values to int64 to avoid\n overflows on 386 architecture.\n * [BUGFIX] TSDB: Handle TOC parsing failures.\n\n- update to 2.45.0 (jsc#PED-5406):\n * [FEATURE] API: New limit parameter to limit the number of items\n returned by `/api/v1/status/tsdb` endpoint. \n * [FEATURE] Config: Add limits to global config. \n * [FEATURE] Consul SD: Added support for `path_prefix`. \n * [FEATURE] Native histograms: Add option to scrape both classic\n and native histograms. \n * [FEATURE] Native histograms: Added support for two more\n arithmetic operators `avg_over_time` and `sum_over_time`.\n * [FEATURE] Promtool: When providing the block id, only one block\n will be loaded and analyzed. \n * [FEATURE] Remote-write: New Azure ad configuration to support\n remote writing directly to Azure Monitor workspace. \n * [FEATURE] TSDB: Samples per chunk are now configurable with\n flag `storage.tsdb.samples-per-chunk`. By default set to its\n former value 120. \n * [ENHANCEMENT] Native histograms: bucket size can now be limited\n to avoid scrape fails. \n * [ENHANCEMENT] TSDB: Dropped series are now deleted from the WAL\n sooner. \n * [BUGFIX] Native histograms: ChunkSeries iterator now checks if\n a new sample can be appended to the open chunk. \n * [BUGFIX] Native histograms: Fix Histogram Appender\n `Appendable()` segfault. \n * [BUGFIX] Native histograms: Fix setting reset header to gauge\n histograms in seriesToChunkEncoder. \n * [BUGFIX] TSDB: Tombstone intervals are not modified after Get()\n call. \n * [BUGFIX] TSDB: Use path/filepath to set the WAL directory.\n- update to 2.44.0:\n * [FEATURE] Remote-read: Handle native histograms. \n * [FEATURE] Promtool: Health and readiness check of prometheus\n server in CLI. \n * [FEATURE] PromQL: Add `query_samples_total` metric, the total\n number of samples loaded by all queries.\n * [ENHANCEMENT] Storage: Optimise buffer used to iterate through\n samples.\n * [ENHANCEMENT] Scrape: Reduce memory allocations on target\n labels.\n * [ENHANCEMENT] PromQL: Use faster heap method for `topk()` /\n `bottomk()`.\n * [ENHANCEMENT] Rules API: Allow filtering by rule name.\n * [ENHANCEMENT] Native Histograms: Various fixes and\n improvements.\n * [ENHANCEMENT] UI: Search of scraping pools is now\n case-insensitive.\n * [ENHANCEMENT] TSDB: Add an affirmative log message for\n successful WAL repair.\n * [BUGFIX] TSDB: Block compaction failed when shutting down.\n * [BUGFIX] TSDB: Out-of-order chunks could be ignored if the\n write-behind log was deleted.\n- rebase patch 0001-Do-not-force-the-pure-Go-name-resolver.patch\n onto v2.44.0\n- update to 2.43.1\n * [BUGFIX] Labels: Set() after Del() would be ignored, which\n broke some relabeling rules.\n- update to 2.43.0:\n * [FEATURE] Promtool: Add HTTP client configuration to query\n commands.\n * [FEATURE] Scrape: Add `include_scrape_configs` to include\n scrape configs from different files.\n * [FEATURE] HTTP client: Add `no_proxy` to exclude URLs from\n proxied requests.\n * [FEATURE] HTTP client: Add `proxy_from_enviroment` to read\n proxies from env variables.\n * [ENHANCEMENT] API: Add support for setting lookback delta per\n query via the API.\n * [ENHANCEMENT] API: Change HTTP status code from 503/422 to 499\n if a request is canceled.\n * [ENHANCEMENT] Scrape: Allow exemplars for all metric types.\n * [ENHANCEMENT] TSDB: Add metrics for head chunks and WAL folders\n size.\n * [ENHANCEMENT] TSDB: Automatically remove incorrect snapshot\n with index that is ahead of WAL.\n * [ENHANCEMENT] TSDB: Improve Prometheus parser error outputs to\n be more comprehensible.\n * [ENHANCEMENT] UI: Scope `group by` labels to metric in\n autocompletion.\n * [BUGFIX] Scrape: Fix\n `prometheus_target_scrape_pool_target_limit` metric not set\n before reloading.\n * [BUGFIX] TSDB: Correctly update\n `prometheus_tsdb_head_chunks_removed_total` and\n `prometheus_tsdb_head_chunks` metrics when reading WAL.\n * [BUGFIX] TSDB: Use the correct unit (seconds) when recording\n out-of-order append deltas in the\n `prometheus_tsdb_sample_ooo_delta` metric.\n- update to 2.42.0:\n This release comes with a bunch of feature coverage for native\n histograms and breaking changes.\n If you are trying native histograms already, we recommend you\n remove the `wal` directory when upgrading.\n Because the old WAL record for native histograms is not\n backward compatible in v2.42.0, this will lead to some data\n loss for the latest data.\n Additionally, if you scrape \u0027float histograms\u0027 or use recording\n rules on native histograms in v2.42.0 (which writes float\n histograms), it is a one-way street since older versions do not\n support float histograms.\n * [CHANGE] **breaking** TSDB: Changed WAL record format for the\n experimental native histograms.\n * [FEATURE] Add \u0027keep_firing_for\u0027 field to alerting rules.\n * [FEATURE] Promtool: Add support of selecting timeseries for\n TSDB dump.\n * [ENHANCEMENT] Agent: Native histogram support.\n * [ENHANCEMENT] Rules: Support native histograms in recording\n rules.\n * [ENHANCEMENT] SD: Add container ID as a meta label for pod\n targets for Kubernetes.\n * [ENHANCEMENT] SD: Add VM size label to azure service\n discovery.\n * [ENHANCEMENT] Support native histograms in federation.\n * [ENHANCEMENT] TSDB: Add gauge histogram support.\n * [ENHANCEMENT] TSDB/Scrape: Support FloatHistogram that\n represents buckets as float64 values.\n * [ENHANCEMENT] UI: Show individual scrape pools on /targets\n page.\n- update to 2.41.0:\n * [FEATURE] Relabeling: Add keepequal and dropequal relabel\n actions.\n * [FEATURE] Add support for HTTP proxy headers. \n * [ENHANCEMENT] Reload private certificates when changed on disk.\n * [ENHANCEMENT] Add max_version to specify maximum TLS version in\n tls_config.\n * [ENHANCEMENT] Add goos and goarch labels to\n prometheus_build_info.\n * [ENHANCEMENT] SD: Add proxy support for EC2 and LightSail SDs.\n * [ENHANCEMENT] SD: Add new metric\n prometheus_sd_file_watcher_errors_total.\n * [ENHANCEMENT] Remote Read: Use a pool to speed up marshalling.\n * [ENHANCEMENT] TSDB: Improve handling of tombstoned chunks in\n iterators.\n * [ENHANCEMENT] TSDB: Optimize postings offset table reading.\n * [BUGFIX] Scrape: Validate the metric name, label names, and\n label values after relabeling.\n * [BUGFIX] Remote Write receiver and rule manager: Fix error\n handling.\n- update to 2.40.7:\n * [BUGFIX] TSDB: Fix queries involving negative buckets of native\n histograms.\n- update to 2.40.5:\n * [BUGFIX] TSDB: Fix queries involving native histograms due to\n improper reset of iterators.\n- update to 2.40.3:\n * [BUGFIX] TSDB: Fix compaction after a deletion is called.\n- update to 2.40.2:\n * [BUGFIX] UI: Fix black-on-black metric name color in dark mode.\n- update to 2.40.1:\n * [BUGFIX] TSDB: Fix alignment for atomic int64 for 32 bit\n architecture.\n * [BUGFIX] Scrape: Fix accept headers.\n- update to 2.40.0:\n * [FEATURE] Add experimental support for native histograms.\n Enable with the flag --enable-feature=native-histograms.\n * [FEATURE] SD: Add service discovery for OVHcloud.\n * [ENHANCEMENT] Kubernetes SD: Use protobuf encoding.\n * [ENHANCEMENT] TSDB: Use golang.org/x/exp/slices for improved\n sorting speed.\n * [ENHANCEMENT] Consul SD: Add enterprise admin partitions. Adds\n __meta_consul_partition label. Adds partition config in\n consul_sd_config.\n * [BUGFIX] API: Fix API error codes for /api/v1/labels and\n /api/v1/series.\n- update to 2.39.1:\n * [BUGFIX] Rules: Fix notifier relabel changing the labels on\n active alerts.\n- update to 2.39.0:\n * [FEATURE] experimental TSDB: Add support for ingesting\n out-of-order samples. This is configured via\n out_of_order_time_window field in the config file; check config\n file docs for more info.\n * [ENHANCEMENT] API: /-/healthy and /-/ready API calls now also\n respond to a HEAD request on top of existing GET support.\n * [ENHANCEMENT] PuppetDB SD: Add __meta_puppetdb_query label.\n * [ENHANCEMENT] AWS EC2 SD: Add __meta_ec2_region label.\n * [ENHANCEMENT] AWS Lightsail SD: Add __meta_lightsail_region\n label.\n * [ENHANCEMENT] Scrape: Optimise relabeling by re-using memory.\n * [ENHANCEMENT] TSDB: Improve WAL replay timings.\n * [ENHANCEMENT] TSDB: Optimise memory by not storing unnecessary\n data in the memory.\n * [ENHANCEMENT] TSDB: Allow overlapping blocks by default.\n --storage.tsdb.allow-overlapping-blocks now has no effect.\n * [ENHANCEMENT] UI: Click to copy label-value pair from query\n result to clipboard.\n * [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a\n memory leak.\n * [BUGFIX] TSDB: Fix \u0027invalid magic number 0\u0027 error on Prometheus\n startup.\n * [BUGFIX] PromQL: Properly close file descriptor when logging\n unfinished queries.\n * [BUGFIX] Agent: Fix validation of flag options and prevent WAL\n from growing more than desired.\n- update to 2.38.0:\n * [FEATURE]: Web: Add a /api/v1/format_query HTTP API endpoint\n that allows pretty-formatting PromQL expressions.\n * [FEATURE]: UI: Add support for formatting PromQL expressions in\n the UI.\n * [FEATURE]: DNS SD: Support MX records for discovering targets.\n * [FEATURE]: Templates: Add toTime() template function that\n allows converting sample timestamps to Go time.Time values.\n * [ENHANCEMENT]: Kubernetes SD: Add\n __meta_kubernetes_service_port_number meta label indicating the\n service port number.\n * [ENHANCEMENT]: Kubernetes SD: Add\n __meta_kubernetes_pod_container_image meta label indicating the\n container image.\n * [ENHANCEMENT]: PromQL: When a query panics, also log the query\n itself alongside the panic message.\n * [ENHANCEMENT]: UI: Tweak colors in the dark theme to improve\n the contrast ratio.\n * [ENHANCEMENT]: Web: Speed up calls to /api/v1/rules by avoiding\n locks and using atomic types instead.\n * [ENHANCEMENT]: Scrape: Add a no-default-scrape-port feature\n flag, which omits or removes any default HTTP (:80) or HTTPS\n (:443) ports in the target\u0027s scrape address.\n * [BUGFIX]: TSDB: In the WAL watcher metrics, expose the\n type=\u0027exemplar\u0027 label instead of type=\u0027unknown\u0027 for exemplar\n records.\n * [BUGFIX]: TSDB: Fix race condition around allocating series IDs\n during chunk snapshot loading.\n\n- Remove npm_licenses.tar.bz2 during \u0027make clean\u0027\n\n- Remove web-ui archives during \u0027make clean\u0027.\n\n * [SECURITY] CVE-2022-41715: Limit memory used by parsing regexps\n (bsc#1204023).\n- Fix uncontrolled resource consumption by updating Go to version\n 1.20.1 (CVE-2022-41723, bsc#1208298)",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-3288,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3288,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3288,SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-3288,openSUSE-SLE-15.5-2024-3288,openSUSE-SLE-15.6-2024-3288",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3288-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:3288-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243288-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:3288-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019440.html"
},
{
"category": "self",
"summary": "SUSE Bug 1204023",
"url": "https://bugzilla.suse.com/1204023"
},
{
"category": "self",
"summary": "SUSE Bug 1208298",
"url": "https://bugzilla.suse.com/1208298"
},
{
"category": "self",
"summary": "SUSE Bug 1227038",
"url": "https://bugzilla.suse.com/1227038"
},
{
"category": "self",
"summary": "SUSE Bug 1228556",
"url": "https://bugzilla.suse.com/1228556"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-41715 page",
"url": "https://www.suse.com/security/cve/CVE-2022-41715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-41723 page",
"url": "https://www.suse.com/security/cve/CVE-2022-41723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45142 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6104 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6104/"
}
],
"title": "Security update for golang-github-prometheus-prometheus",
"tracking": {
"current_release_date": "2024-09-17T07:48:51Z",
"generator": {
"date": "2024-09-17T07:48:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:3288-1",
"initial_release_date": "2024-09-17T07:48:51Z",
"revision_history": [
{
"date": "2024-09-17T07:48:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"product": {
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"product_id": "firewalld-prometheus-config-0.1-150100.4.20.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"product": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"product_id": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.i586",
"product": {
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.i586",
"product_id": "firewalld-prometheus-config-0.1-150100.4.20.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.i586",
"product": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.i586",
"product_id": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"product": {
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"product_id": "firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"product": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"product_id": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"product": {
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"product_id": "firewalld-prometheus-config-0.1-150100.4.20.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"product": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"product_id": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"product": {
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"product_id": "firewalld-prometheus-config-0.1-150100.4.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"product": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"product_id": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy Module 4.3",
"product": {
"name": "SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64"
},
"product_reference": "firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le"
},
"product_reference": "firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x"
},
"product_reference": "firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64"
},
"product_reference": "firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64"
},
"product_reference": "firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le"
},
"product_reference": "firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x"
},
"product_reference": "firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150100.4.20.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64"
},
"product_reference": "firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
},
"product_reference": "golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-41715"
}
],
"notes": [
{
"category": "general",
"text": "Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-41715",
"url": "https://www.suse.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "SUSE Bug 1204023 for CVE-2022-41715",
"url": "https://bugzilla.suse.com/1204023"
},
{
"category": "external",
"summary": "SUSE Bug 1208441 for CVE-2022-41715",
"url": "https://bugzilla.suse.com/1208441"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-17T07:48:51Z",
"details": "moderate"
}
],
"title": "CVE-2022-41715"
},
{
"cve": "CVE-2022-41723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-41723"
}
],
"notes": [
{
"category": "general",
"text": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-41723",
"url": "https://www.suse.com/security/cve/CVE-2022-41723"
},
{
"category": "external",
"summary": "SUSE Bug 1208270 for CVE-2022-41723",
"url": "https://bugzilla.suse.com/1208270"
},
{
"category": "external",
"summary": "SUSE Bug 1215588 for CVE-2022-41723",
"url": "https://bugzilla.suse.com/1215588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-17T07:48:51Z",
"details": "important"
}
],
"title": "CVE-2022-41723"
},
{
"cve": "CVE-2023-45142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45142"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45142",
"url": "https://www.suse.com/security/cve/CVE-2023-45142"
},
{
"category": "external",
"summary": "SUSE Bug 1228553 for CVE-2023-45142",
"url": "https://bugzilla.suse.com/1228553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-17T07:48:51Z",
"details": "important"
}
],
"title": "CVE-2023-45142"
},
{
"cve": "CVE-2024-6104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6104"
}
],
"notes": [
{
"category": "general",
"text": "go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6104",
"url": "https://www.suse.com/security/cve/CVE-2024-6104"
},
{
"category": "external",
"summary": "SUSE Bug 1227024 for CVE-2024-6104",
"url": "https://bugzilla.suse.com/1227024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.5:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.5:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.20.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.45.6-150100.4.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-17T07:48:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-6104"
}
]
}
SUSE-SU-2024:4319-1
Vulnerability from csaf_suse - Published: 2024-12-13 20:16 - Updated: 2024-12-13 20:16Summary
Security update for docker
Severity
Important
Notes
Title of the patch: Security update for docker
Description of the patch: This update for docker fixes the following issues:
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Allow a parallel docker-stable RPM to exists in repositories.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)
- Mark docker-buildx as required since classic 'docker build' has been
deprecated since Docker 23.0. (bsc#1230331)
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
(bsc#1230333)
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070 bsc#1229806
* CVE-2023-45142. bsc#1228553 bsc#1229806
- Update to Docker 26.1.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2614>
- Update to Docker 26.1.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2610>
- Update --add-runtime to point to correct binary path.
Patchnames: SUSE-2024-4319,SUSE-SLE-SERVER-12-SP5-LTSS-2024-4319,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-4319
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-bash-completion-26.1.5_ce-98.120.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-26.1.5_ce-98.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-bash-completion-26.1.5_ce-98.120.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-bash-completion-26.1.5_ce-98.120.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-26.1.5_ce-98.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-bash-completion-26.1.5_ce-98.120.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
9.9 (Critical)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-bash-completion-26.1.5_ce-98.120.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-26.1.5_ce-98.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-bash-completion-26.1.5_ce-98.120.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker fixes the following issues:\n\n- Update docker-buildx to v0.19.2. See upstream changelog online at\n \u003chttps://github.com/docker/buildx/releases/tag/v0.19.2\u003e.\n\n Some notable changelogs from the last update:\n * \u003chttps://github.com/docker/buildx/releases/tag/v0.19.0\u003e\n * \u003chttps://github.com/docker/buildx/releases/tag/v0.18.0\u003e\n\n- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to\n disable the SUSEConnect integration with Docker (which creates special mounts\n in /run/secrets to allow container-suseconnect to authenticate containers\n with registries on registered hosts). bsc#1231348 bsc#1232999\n\n In order to disable these mounts, just do\n\n echo 0 \u003e /etc/docker/suse-secrets-enable\n\n and restart Docker. In order to re-enable them, just do\n\n echo 1 \u003e /etc/docker/suse-secrets-enable\n\n and restart Docker. Docker will output information on startup to tell you\n whether the SUSE secrets feature is enabled or not.\n\n- Disable docker-buildx builds for SLES. It turns out that build containers\n with docker-buildx don\u0027t currently get the SUSE secrets mounts applied,\n meaning that container-suseconnect doesn\u0027t work when building images.\n bsc#1233819\n\n- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from\n sysconfig a long time ago, and apparently this causes issues with systemd in\n some cases.\n\n- Allow a parallel docker-stable RPM to exists in repositories.\n\n- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we\n are replacing. See upstream changelog online at\n \u003chttps://github.com/docker/buildx/releases/tag/v0.17.1\u003e\n\n- Allow users to disable SUSE secrets support by setting\n DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)\n\n- Mark docker-buildx as required since classic \u0027docker build\u0027 has been\n deprecated since Docker 23.0. (bsc#1230331)\n\n- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate\n package, but with docker-stable it will be necessary to maintain the packages\n together and it makes more sense to have them live in the same OBS package.\n (bsc#1230333)\n\n- Update to Docker 26.1.5-ce. See upstream changelog online at\n \u003chttps://docs.docker.com/engine/release-notes/26.1/#2615\u003e\n bsc#1230294\n\n- This update includes fixes for:\n * CVE-2024-41110. bsc#1228324\n * CVE-2023-47108. bsc#1217070 bsc#1229806\n * CVE-2023-45142. bsc#1228553 bsc#1229806\n\n- Update to Docker 26.1.4-ce. See upstream changelog online at\n \u003chttps://docs.docker.com/engine/release-notes/26.1/#2614\u003e\n\n- Update to Docker 26.1.0-ce. See upstream changelog online at\n \u003chttps://docs.docker.com/engine/release-notes/26.1/#2610\u003e\n\n- Update --add-runtime to point to correct binary path.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-4319,SUSE-SLE-SERVER-12-SP5-LTSS-2024-4319,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-4319",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_4319-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:4319-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244319-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:4319-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020003.html"
},
{
"category": "self",
"summary": "SUSE Bug 1217070",
"url": "https://bugzilla.suse.com/1217070"
},
{
"category": "self",
"summary": "SUSE Bug 1228324",
"url": "https://bugzilla.suse.com/1228324"
},
{
"category": "self",
"summary": "SUSE Bug 1228553",
"url": "https://bugzilla.suse.com/1228553"
},
{
"category": "self",
"summary": "SUSE Bug 1229806",
"url": "https://bugzilla.suse.com/1229806"
},
{
"category": "self",
"summary": "SUSE Bug 1230294",
"url": "https://bugzilla.suse.com/1230294"
},
{
"category": "self",
"summary": "SUSE Bug 1230331",
"url": "https://bugzilla.suse.com/1230331"
},
{
"category": "self",
"summary": "SUSE Bug 1230333",
"url": "https://bugzilla.suse.com/1230333"
},
{
"category": "self",
"summary": "SUSE Bug 1231348",
"url": "https://bugzilla.suse.com/1231348"
},
{
"category": "self",
"summary": "SUSE Bug 1232999",
"url": "https://bugzilla.suse.com/1232999"
},
{
"category": "self",
"summary": "SUSE Bug 1233819",
"url": "https://bugzilla.suse.com/1233819"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45142 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-47108 page",
"url": "https://www.suse.com/security/cve/CVE-2023-47108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41110/"
}
],
"title": "Security update for docker",
"tracking": {
"current_release_date": "2024-12-13T20:16:47Z",
"generator": {
"date": "2024-12-13T20:16:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:4319-1",
"initial_release_date": "2024-12-13T20:16:47Z",
"revision_history": [
{
"date": "2024-12-13T20:16:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-26.1.5_ce-98.120.1.aarch64",
"product": {
"name": "docker-26.1.5_ce-98.120.1.aarch64",
"product_id": "docker-26.1.5_ce-98.120.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-26.1.5_ce-98.120.1.i586",
"product": {
"name": "docker-26.1.5_ce-98.120.1.i586",
"product_id": "docker-26.1.5_ce-98.120.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-bash-completion-26.1.5_ce-98.120.1.noarch",
"product": {
"name": "docker-bash-completion-26.1.5_ce-98.120.1.noarch",
"product_id": "docker-bash-completion-26.1.5_ce-98.120.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-26.1.5_ce-98.120.1.noarch",
"product": {
"name": "docker-fish-completion-26.1.5_ce-98.120.1.noarch",
"product_id": "docker-fish-completion-26.1.5_ce-98.120.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-rootless-extras-26.1.5_ce-98.120.1.noarch",
"product": {
"name": "docker-rootless-extras-26.1.5_ce-98.120.1.noarch",
"product_id": "docker-rootless-extras-26.1.5_ce-98.120.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-26.1.5_ce-98.120.1.noarch",
"product": {
"name": "docker-zsh-completion-26.1.5_ce-98.120.1.noarch",
"product_id": "docker-zsh-completion-26.1.5_ce-98.120.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-26.1.5_ce-98.120.1.ppc64le",
"product": {
"name": "docker-26.1.5_ce-98.120.1.ppc64le",
"product_id": "docker-26.1.5_ce-98.120.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-26.1.5_ce-98.120.1.s390x",
"product": {
"name": "docker-26.1.5_ce-98.120.1.s390x",
"product_id": "docker-26.1.5_ce-98.120.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-26.1.5_ce-98.120.1.x86_64",
"product": {
"name": "docker-26.1.5_ce-98.120.1.x86_64",
"product_id": "docker-26.1.5_ce-98.120.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-98.120.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-98.120.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-98.120.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.ppc64le"
},
"product_reference": "docker-26.1.5_ce-98.120.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-98.120.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.s390x"
},
"product_reference": "docker-26.1.5_ce-98.120.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-98.120.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-98.120.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-98.120.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-bash-completion-26.1.5_ce-98.120.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-98.120.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-98.120.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-26.1.5_ce-98.120.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-98.120.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-98.120.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-bash-completion-26.1.5_ce-98.120.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-98.120.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45142"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-bash-completion-26.1.5_ce-98.120.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-bash-completion-26.1.5_ce-98.120.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45142",
"url": "https://www.suse.com/security/cve/CVE-2023-45142"
},
{
"category": "external",
"summary": "SUSE Bug 1228553 for CVE-2023-45142",
"url": "https://bugzilla.suse.com/1228553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-bash-completion-26.1.5_ce-98.120.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-bash-completion-26.1.5_ce-98.120.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-bash-completion-26.1.5_ce-98.120.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-bash-completion-26.1.5_ce-98.120.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-13T20:16:47Z",
"details": "important"
}
],
"title": "CVE-2023-45142"
},
{
"cve": "CVE-2023-47108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-47108"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-bash-completion-26.1.5_ce-98.120.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-bash-completion-26.1.5_ce-98.120.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-47108",
"url": "https://www.suse.com/security/cve/CVE-2023-47108"
},
{
"category": "external",
"summary": "SUSE Bug 1217070 for CVE-2023-47108",
"url": "https://bugzilla.suse.com/1217070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-bash-completion-26.1.5_ce-98.120.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-bash-completion-26.1.5_ce-98.120.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-bash-completion-26.1.5_ce-98.120.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-bash-completion-26.1.5_ce-98.120.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-13T20:16:47Z",
"details": "important"
}
],
"title": "CVE-2023-47108"
},
{
"cve": "CVE-2024-41110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41110"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\n\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-bash-completion-26.1.5_ce-98.120.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-bash-completion-26.1.5_ce-98.120.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41110",
"url": "https://www.suse.com/security/cve/CVE-2024-41110"
},
{
"category": "external",
"summary": "SUSE Bug 1228324 for CVE-2024-41110",
"url": "https://bugzilla.suse.com/1228324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-bash-completion-26.1.5_ce-98.120.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-bash-completion-26.1.5_ce-98.120.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-bash-completion-26.1.5_ce-98.120.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-26.1.5_ce-98.120.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-bash-completion-26.1.5_ce-98.120.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-13T20:16:47Z",
"details": "critical"
}
],
"title": "CVE-2024-41110"
}
]
}
SUSE-SU-2024:4360-1
Vulnerability from csaf_suse - Published: 2024-12-17 14:35 - Updated: 2024-12-17 14:35Summary
Security update for docker
Severity
Important
Notes
Title of the patch: Security update for docker
Description of the patch: This update for docker fixes the following issues:
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Allow a parallel docker-stable RPM to exists in repositories.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)
- Mark docker-buildx as required since classic 'docker build' has been
deprecated since Docker 23.0. (bsc#1230331)
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
(bsc#1230333)
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070 bsc#1229806
* CVE-2023-45142. bsc#1228553 bsc#1229806
- Update to Docker 26.1.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2614>
- Update to Docker 26.1.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2610>
- Update --add-runtime to point to correct binary path.
Patchnames: SUSE-2024-4360,SUSE-SLE-Micro-5.3-2024-4360,SUSE-SLE-Micro-5.4-2024-4360,SUSE-SLE-Micro-5.5-2024-4360,SUSE-SLE-Module-Containers-15-SP5-2024-4360,SUSE-SLE-Module-Containers-15-SP6-2024-4360,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-4360,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4360,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4360,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4360,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-4360,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4360,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4360,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-4360,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4360,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4360,SUSE-SUSE-MicroOS-5.1-2024-4360,SUSE-SUSE-MicroOS-5.2-2024-4360,SUSE-Storage-7.1-2024-4360,openSUSE-Leap-Micro-5.5-2024-4360,openSUSE-SLE-15.5-2024-4360,openSUSE-SLE-15.6-2024-4360
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
94 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
94 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.9 (Critical)
Affected products
Recommended
94 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-fish-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker fixes the following issues:\n\n- Update docker-buildx to v0.19.2. See upstream changelog online at\n \u003chttps://github.com/docker/buildx/releases/tag/v0.19.2\u003e.\n\n Some notable changelogs from the last update:\n * \u003chttps://github.com/docker/buildx/releases/tag/v0.19.0\u003e\n * \u003chttps://github.com/docker/buildx/releases/tag/v0.18.0\u003e\n\n- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to\n disable the SUSEConnect integration with Docker (which creates special mounts\n in /run/secrets to allow container-suseconnect to authenticate containers\n with registries on registered hosts). bsc#1231348 bsc#1232999\n\n In order to disable these mounts, just do\n\n echo 0 \u003e /etc/docker/suse-secrets-enable\n\n and restart Docker. In order to re-enable them, just do\n\n echo 1 \u003e /etc/docker/suse-secrets-enable\n\n and restart Docker. Docker will output information on startup to tell you\n whether the SUSE secrets feature is enabled or not.\n\n- Disable docker-buildx builds for SLES. It turns out that build containers\n with docker-buildx don\u0027t currently get the SUSE secrets mounts applied,\n meaning that container-suseconnect doesn\u0027t work when building images.\n bsc#1233819\n\n- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from\n sysconfig a long time ago, and apparently this causes issues with systemd in\n some cases.\n\n- Allow a parallel docker-stable RPM to exists in repositories.\n\n- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we\n are replacing. See upstream changelog online at\n \u003chttps://github.com/docker/buildx/releases/tag/v0.17.1\u003e\n\n- Allow users to disable SUSE secrets support by setting\n DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)\n\n- Mark docker-buildx as required since classic \u0027docker build\u0027 has been\n deprecated since Docker 23.0. (bsc#1230331)\n\n- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate\n package, but with docker-stable it will be necessary to maintain the packages\n together and it makes more sense to have them live in the same OBS package.\n (bsc#1230333)\n\n- Update to Docker 26.1.5-ce. See upstream changelog online at\n \u003chttps://docs.docker.com/engine/release-notes/26.1/#2615\u003e\n bsc#1230294\n\n- This update includes fixes for:\n * CVE-2024-41110. bsc#1228324\n * CVE-2023-47108. bsc#1217070 bsc#1229806\n * CVE-2023-45142. bsc#1228553 bsc#1229806\n\n- Update to Docker 26.1.4-ce. See upstream changelog online at\n \u003chttps://docs.docker.com/engine/release-notes/26.1/#2614\u003e\n\n- Update to Docker 26.1.0-ce. See upstream changelog online at\n \u003chttps://docs.docker.com/engine/release-notes/26.1/#2610\u003e\n\n- Update --add-runtime to point to correct binary path.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-4360,SUSE-SLE-Micro-5.3-2024-4360,SUSE-SLE-Micro-5.4-2024-4360,SUSE-SLE-Micro-5.5-2024-4360,SUSE-SLE-Module-Containers-15-SP5-2024-4360,SUSE-SLE-Module-Containers-15-SP6-2024-4360,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-4360,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4360,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4360,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4360,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-4360,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4360,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4360,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-4360,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4360,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4360,SUSE-SUSE-MicroOS-5.1-2024-4360,SUSE-SUSE-MicroOS-5.2-2024-4360,SUSE-Storage-7.1-2024-4360,openSUSE-Leap-Micro-5.5-2024-4360,openSUSE-SLE-15.5-2024-4360,openSUSE-SLE-15.6-2024-4360",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_4360-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:4360-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244360-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:4360-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020020.html"
},
{
"category": "self",
"summary": "SUSE Bug 1217070",
"url": "https://bugzilla.suse.com/1217070"
},
{
"category": "self",
"summary": "SUSE Bug 1228324",
"url": "https://bugzilla.suse.com/1228324"
},
{
"category": "self",
"summary": "SUSE Bug 1228553",
"url": "https://bugzilla.suse.com/1228553"
},
{
"category": "self",
"summary": "SUSE Bug 1229806",
"url": "https://bugzilla.suse.com/1229806"
},
{
"category": "self",
"summary": "SUSE Bug 1230294",
"url": "https://bugzilla.suse.com/1230294"
},
{
"category": "self",
"summary": "SUSE Bug 1230331",
"url": "https://bugzilla.suse.com/1230331"
},
{
"category": "self",
"summary": "SUSE Bug 1230333",
"url": "https://bugzilla.suse.com/1230333"
},
{
"category": "self",
"summary": "SUSE Bug 1231348",
"url": "https://bugzilla.suse.com/1231348"
},
{
"category": "self",
"summary": "SUSE Bug 1232999",
"url": "https://bugzilla.suse.com/1232999"
},
{
"category": "self",
"summary": "SUSE Bug 1233819",
"url": "https://bugzilla.suse.com/1233819"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45142 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-47108 page",
"url": "https://www.suse.com/security/cve/CVE-2023-47108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41110/"
}
],
"title": "Security update for docker",
"tracking": {
"current_release_date": "2024-12-17T14:35:54Z",
"generator": {
"date": "2024-12-17T14:35:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:4360-1",
"initial_release_date": "2024-12-17T14:35:54Z",
"revision_history": [
{
"date": "2024-12-17T14:35:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-26.1.5_ce-150000.212.1.aarch64",
"product": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64",
"product_id": "docker-26.1.5_ce-150000.212.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-26.1.5_ce-150000.212.1.i586",
"product": {
"name": "docker-26.1.5_ce-150000.212.1.i586",
"product_id": "docker-26.1.5_ce-150000.212.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"product": {
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"product_id": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"product": {
"name": "docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"product_id": "docker-fish-completion-26.1.5_ce-150000.212.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"product": {
"name": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"product_id": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"product": {
"name": "docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"product_id": "docker-zsh-completion-26.1.5_ce-150000.212.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-26.1.5_ce-150000.212.1.ppc64le",
"product": {
"name": "docker-26.1.5_ce-150000.212.1.ppc64le",
"product_id": "docker-26.1.5_ce-150000.212.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-26.1.5_ce-150000.212.1.s390x",
"product": {
"name": "docker-26.1.5_ce-150000.212.1.s390x",
"product_id": "docker-26.1.5_ce-150000.212.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-26.1.5_ce-150000.212.1.x86_64",
"product": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64",
"product_id": "docker-26.1.5_ce-150000.212.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.5",
"product": {
"name": "openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.s390x"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.s390x"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.ppc64le"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.ppc64le"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.s390x"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.ppc64le"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.s390x"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.s390x"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.s390x"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.s390x"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.ppc64le"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.ppc64le"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.ppc64le"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.s390x"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.s390x"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:docker-bash-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-26.1.5_ce-150000.212.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:docker-fish-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.s390x as component of openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.s390x",
"relates_to_product_reference": "openSUSE Leap Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.ppc64le"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.s390x"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-26.1.5_ce-150000.212.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-fish-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-26.1.5_ce-150000.212.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.ppc64le"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.s390x"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-150000.212.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-150000.212.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-26.1.5_ce-150000.212.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-fish-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-26.1.5_ce-150000.212.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch"
},
"product_reference": "docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45142"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45142",
"url": "https://www.suse.com/security/cve/CVE-2023-45142"
},
{
"category": "external",
"summary": "SUSE Bug 1228553 for CVE-2023-45142",
"url": "https://bugzilla.suse.com/1228553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-17T14:35:54Z",
"details": "important"
}
],
"title": "CVE-2023-45142"
},
{
"cve": "CVE-2023-47108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-47108"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-47108",
"url": "https://www.suse.com/security/cve/CVE-2023-47108"
},
{
"category": "external",
"summary": "SUSE Bug 1217070 for CVE-2023-47108",
"url": "https://bugzilla.suse.com/1217070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-17T14:35:54Z",
"details": "important"
}
],
"title": "CVE-2023-47108"
},
{
"cve": "CVE-2024-41110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41110"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\n\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41110",
"url": "https://www.suse.com/security/cve/CVE-2024-41110"
},
{
"category": "external",
"summary": "SUSE Bug 1228324 for CVE-2024-41110",
"url": "https://bugzilla.suse.com/1228324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-26.1.5_ce-150000.212.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.5:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.ppc64le",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap 15.6:docker-26.1.5_ce-150000.212.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-26.1.5_ce-150000.212.1.noarch",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.aarch64",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.s390x",
"openSUSE Leap Micro 5.5:docker-26.1.5_ce-150000.212.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-17T14:35:54Z",
"details": "critical"
}
],
"title": "CVE-2024-41110"
}
]
}
SUSE-SU-2025:20091-1
Vulnerability from csaf_suse - Published: 2025-02-03 09:10 - Updated: 2025-02-03 09:10Summary
Security update for containerd
Severity
Important
Notes
Title of the patch: Security update for containerd
Description of the patch: This update for containerd fixes the following issues:
- Update to containerd v1.7.21. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.21
Fixes CVE-2023-47108. bsc#1217070
Fixes CVE-2023-45142. bsc#1228553
- Update to containerd v1.7.17. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.17
- Update to containerd v1.7.16. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.16
CVE-2023-45288 bsc#1221400
- Update to containerd v1.7.15. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.15
- Update to containerd v1.7.14. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.14
- Update to containerd v1.7.13. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.13
- Update to containerd v1.7.12. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.12
- Update to containerd v1.7.11. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.11
GHSA-jq35-85cj-fj4p bsc#1224323
Patchnames: SUSE-SLE-Micro-6.0-147
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.1 (Critical)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd fixes the following issues:\n\n- Update to containerd v1.7.21. Upstream release notes:\n https://github.com/containerd/containerd/releases/tag/v1.7.21\n Fixes CVE-2023-47108. bsc#1217070\n Fixes CVE-2023-45142. bsc#1228553\n\n- Update to containerd v1.7.17. Upstream release notes:\n https://github.com/containerd/containerd/releases/tag/v1.7.17\n\n- Update to containerd v1.7.16. Upstream release notes:\n https://github.com/containerd/containerd/releases/tag/v1.7.16\n CVE-2023-45288 bsc#1221400\n\n- Update to containerd v1.7.15. Upstream release notes:\n https://github.com/containerd/containerd/releases/tag/v1.7.15\n\n- Update to containerd v1.7.14. Upstream release notes:\n https://github.com/containerd/containerd/releases/tag/v1.7.14\n\n- Update to containerd v1.7.13. Upstream release notes:\n https://github.com/containerd/containerd/releases/tag/v1.7.13\n\n- Update to containerd v1.7.12. Upstream release notes:\n https://github.com/containerd/containerd/releases/tag/v1.7.12\n\n- Update to containerd v1.7.11. Upstream release notes:\n https://github.com/containerd/containerd/releases/tag/v1.7.11\n GHSA-jq35-85cj-fj4p bsc#1224323\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-147",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20091-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20091-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520091-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20091-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021225.html"
},
{
"category": "self",
"summary": "SUSE Bug 1200528",
"url": "https://bugzilla.suse.com/1200528"
},
{
"category": "self",
"summary": "SUSE Bug 1217070",
"url": "https://bugzilla.suse.com/1217070"
},
{
"category": "self",
"summary": "SUSE Bug 1221400",
"url": "https://bugzilla.suse.com/1221400"
},
{
"category": "self",
"summary": "SUSE Bug 1224323",
"url": "https://bugzilla.suse.com/1224323"
},
{
"category": "self",
"summary": "SUSE Bug 1228553",
"url": "https://bugzilla.suse.com/1228553"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1996 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45142 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-47108 page",
"url": "https://www.suse.com/security/cve/CVE-2023-47108/"
}
],
"title": "Security update for containerd",
"tracking": {
"current_release_date": "2025-02-03T09:10:07Z",
"generator": {
"date": "2025-02-03T09:10:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20091-1",
"initial_release_date": "2025-02-03T09:10:07Z",
"revision_history": [
{
"date": "2025-02-03T09:10:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.7.21-1.1.aarch64",
"product": {
"name": "containerd-1.7.21-1.1.aarch64",
"product_id": "containerd-1.7.21-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.7.21-1.1.s390x",
"product": {
"name": "containerd-1.7.21-1.1.s390x",
"product_id": "containerd-1.7.21-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.7.21-1.1.x86_64",
"product": {
"name": "containerd-1.7.21-1.1.x86_64",
"product_id": "containerd-1.7.21-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.7.21-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64"
},
"product_reference": "containerd-1.7.21-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.7.21-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x"
},
"product_reference": "containerd-1.7.21-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.7.21-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
},
"product_reference": "containerd-1.7.21-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1996"
}
],
"notes": [
{
"category": "general",
"text": "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1996",
"url": "https://www.suse.com/security/cve/CVE-2022-1996"
},
{
"category": "external",
"summary": "SUSE Bug 1200528 for CVE-2022-1996",
"url": "https://bugzilla.suse.com/1200528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:10:07Z",
"details": "critical"
}
],
"title": "CVE-2022-1996"
},
{
"cve": "CVE-2023-45142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45142"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45142",
"url": "https://www.suse.com/security/cve/CVE-2023-45142"
},
{
"category": "external",
"summary": "SUSE Bug 1228553 for CVE-2023-45142",
"url": "https://bugzilla.suse.com/1228553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:10:07Z",
"details": "important"
}
],
"title": "CVE-2023-45142"
},
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:10:07Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2023-47108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-47108"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-47108",
"url": "https://www.suse.com/security/cve/CVE-2023-47108"
},
{
"category": "external",
"summary": "SUSE Bug 1217070 for CVE-2023-47108",
"url": "https://bugzilla.suse.com/1217070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:10:07Z",
"details": "important"
}
],
"title": "CVE-2023-47108"
}
]
}
SUSE-SU-2025:20110-1
Vulnerability from csaf_suse - Published: 2025-02-03 09:19 - Updated: 2025-02-03 09:19Summary
Security update for docker
Severity
Critical
Notes
Title of the patch: Security update for docker
Description of the patch: This update for docker fixes the following issues:
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Add %{_sysconfdir}/audit/rules.d to filelist.
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070
* CVE-2023-45142. bsc#1228553
Patchnames: SUSE-SLE-Micro-6.0-169
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.9 (Critical)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker fixes the following issues:\n\n- Update docker-buildx to v0.19.2. See upstream changelog online at\n \u003chttps://github.com/docker/buildx/releases/tag/v0.19.2\u003e.\n\n Some notable changelogs from the last update:\n * \u003chttps://github.com/docker/buildx/releases/tag/v0.19.0\u003e\n * \u003chttps://github.com/docker/buildx/releases/tag/v0.18.0\u003e\n\n- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to\n disable the SUSEConnect integration with Docker (which creates special mounts\n in /run/secrets to allow container-suseconnect to authenticate containers\n with registries on registered hosts). bsc#1231348 bsc#1232999\n\n In order to disable these mounts, just do\n\n echo 0 \u003e /etc/docker/suse-secrets-enable\n\n and restart Docker. In order to re-enable them, just do\n\n echo 1 \u003e /etc/docker/suse-secrets-enable\n\n and restart Docker. Docker will output information on startup to tell you\n whether the SUSE secrets feature is enabled or not.\n\n- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from\n sysconfig a long time ago, and apparently this causes issues with systemd in\n some cases.\n\n- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we\n are replacing. See upstream changelog online at\n \u003chttps://github.com/docker/buildx/releases/tag/v0.17.1\u003e\n\n- Add %{_sysconfdir}/audit/rules.d to filelist.\n\n- Update to Docker 26.1.5-ce. See upstream changelog online at\n \u003chttps://docs.docker.com/engine/release-notes/26.1/#2615\u003e\n bsc#1230294\n- This update includes fixes for:\n * CVE-2024-41110. bsc#1228324\n * CVE-2023-47108. bsc#1217070\n * CVE-2023-45142. bsc#1228553\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-169",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20110-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20110-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520110-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20110-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021212.html"
},
{
"category": "self",
"summary": "SUSE Bug 1217070",
"url": "https://bugzilla.suse.com/1217070"
},
{
"category": "self",
"summary": "SUSE Bug 1228324",
"url": "https://bugzilla.suse.com/1228324"
},
{
"category": "self",
"summary": "SUSE Bug 1228553",
"url": "https://bugzilla.suse.com/1228553"
},
{
"category": "self",
"summary": "SUSE Bug 1229806",
"url": "https://bugzilla.suse.com/1229806"
},
{
"category": "self",
"summary": "SUSE Bug 1230294",
"url": "https://bugzilla.suse.com/1230294"
},
{
"category": "self",
"summary": "SUSE Bug 1230331",
"url": "https://bugzilla.suse.com/1230331"
},
{
"category": "self",
"summary": "SUSE Bug 1230333",
"url": "https://bugzilla.suse.com/1230333"
},
{
"category": "self",
"summary": "SUSE Bug 1231348",
"url": "https://bugzilla.suse.com/1231348"
},
{
"category": "self",
"summary": "SUSE Bug 1232999",
"url": "https://bugzilla.suse.com/1232999"
},
{
"category": "self",
"summary": "SUSE Bug 1233819",
"url": "https://bugzilla.suse.com/1233819"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45142 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-47108 page",
"url": "https://www.suse.com/security/cve/CVE-2023-47108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41110/"
}
],
"title": "Security update for docker",
"tracking": {
"current_release_date": "2025-02-03T09:19:38Z",
"generator": {
"date": "2025-02-03T09:19:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20110-1",
"initial_release_date": "2025-02-03T09:19:38Z",
"revision_history": [
{
"date": "2025-02-03T09:19:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-26.1.5_ce-1.1.aarch64",
"product": {
"name": "docker-26.1.5_ce-1.1.aarch64",
"product_id": "docker-26.1.5_ce-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-26.1.5_ce-1.1.s390x",
"product": {
"name": "docker-26.1.5_ce-1.1.s390x",
"product_id": "docker-26.1.5_ce-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-26.1.5_ce-1.1.x86_64",
"product": {
"name": "docker-26.1.5_ce-1.1.x86_64",
"product_id": "docker-26.1.5_ce-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.aarch64"
},
"product_reference": "docker-26.1.5_ce-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.s390x"
},
"product_reference": "docker-26.1.5_ce-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-26.1.5_ce-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.x86_64"
},
"product_reference": "docker-26.1.5_ce-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45142"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.aarch64",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.s390x",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45142",
"url": "https://www.suse.com/security/cve/CVE-2023-45142"
},
{
"category": "external",
"summary": "SUSE Bug 1228553 for CVE-2023-45142",
"url": "https://bugzilla.suse.com/1228553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.aarch64",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.s390x",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.aarch64",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.s390x",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:19:38Z",
"details": "important"
}
],
"title": "CVE-2023-45142"
},
{
"cve": "CVE-2023-47108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-47108"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.aarch64",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.s390x",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-47108",
"url": "https://www.suse.com/security/cve/CVE-2023-47108"
},
{
"category": "external",
"summary": "SUSE Bug 1217070 for CVE-2023-47108",
"url": "https://bugzilla.suse.com/1217070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.aarch64",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.s390x",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.aarch64",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.s390x",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:19:38Z",
"details": "important"
}
],
"title": "CVE-2023-47108"
},
{
"cve": "CVE-2024-41110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41110"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\n\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.aarch64",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.s390x",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41110",
"url": "https://www.suse.com/security/cve/CVE-2024-41110"
},
{
"category": "external",
"summary": "SUSE Bug 1228324 for CVE-2024-41110",
"url": "https://bugzilla.suse.com/1228324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.aarch64",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.s390x",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.aarch64",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.s390x",
"SUSE Linux Micro 6.0:docker-26.1.5_ce-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:19:38Z",
"details": "critical"
}
],
"title": "CVE-2024-41110"
}
]
}
SUSE-SU-2025:20259-1
Vulnerability from csaf_suse - Published: 2025-03-31 16:54 - Updated: 2025-03-31 16:54Summary
Security update for docker
Severity
Critical
Notes
Title of the patch: Security update for docker
Description of the patch: This update for docker fixes the following issues:
- This update includes fixes for:
* CVE-2024-41110: Fixed Authz zero length regression (bsc#1228324)
* CVE-2023-47108: Fixed otelgrpc: DoS vulnerability in otelgrpc
(uncontrolled resource consumption) due to unbound cardinality
(bsc#1217070 bsc#1229806)
* CVE-2023-45142: Fixed otelhttp,otelhttptrace,otelrestful: DoS
vulnerability (bsc#1228553 bsc#1229806)
- Update to Docker 27.5.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/27/#2741> bsc#1237335
- Update to docker-buildx 0.20.1. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.20.1>
- Update to Docker 27.4.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/27/#2741>
- Update to docker-buildx 0.19.3. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.3>
- Update to Docker 27.4.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/27/#274>
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Update to Go 1.22.
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Mark docker-buildx as required since classic "docker build" has been
deprecated since Docker 23.0. bsc#1230331
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
bsc#1230333
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
Patchnames: SUSE-SLE-Micro-6.1-37
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.9 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker fixes the following issues:\n\n- This update includes fixes for:\n\n * CVE-2024-41110: Fixed Authz zero length regression (bsc#1228324)\n * CVE-2023-47108: Fixed otelgrpc: DoS vulnerability in otelgrpc\n (uncontrolled resource consumption) due to unbound cardinality\n (bsc#1217070 bsc#1229806)\n * CVE-2023-45142: Fixed otelhttp,otelhttptrace,otelrestful: DoS\n vulnerability (bsc#1228553 bsc#1229806)\n\n- Update to Docker 27.5.1-ce. See upstream changelog online at\n \u003chttps://docs.docker.com/engine/release-notes/27/#2741\u003e bsc#1237335\n\n- Update to docker-buildx 0.20.1. See upstream changelog online at\n \u003chttps://github.com/docker/buildx/releases/tag/v0.20.1\u003e\n\n- Update to Docker 27.4.1-ce. See upstream changelog online at\n \u003chttps://docs.docker.com/engine/release-notes/27/#2741\u003e\n\n- Update to docker-buildx 0.19.3. See upstream changelog online at\n \u003chttps://github.com/docker/buildx/releases/tag/v0.19.3\u003e\n\n- Update to Docker 27.4.0-ce. See upstream changelog online at\n \u003chttps://docs.docker.com/engine/release-notes/27/#274\u003e\n\n \u003chttps://github.com/docker/buildx/releases/tag/v0.19.2\u003e.\n\n Some notable changelogs from the last update:\n * \u003chttps://github.com/docker/buildx/releases/tag/v0.19.0\u003e\n * \u003chttps://github.com/docker/buildx/releases/tag/v0.18.0\u003e\n\n- Update to Go 1.22.\n\n- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to\n disable the SUSEConnect integration with Docker (which creates special mounts\n in /run/secrets to allow container-suseconnect to authenticate containers\n with registries on registered hosts). bsc#1231348 bsc#1232999\n\n In order to disable these mounts, just do\n\n echo 0 \u003e /etc/docker/suse-secrets-enable\n\n and restart Docker. In order to re-enable them, just do\n\n echo 1 \u003e /etc/docker/suse-secrets-enable\n\n and restart Docker. Docker will output information on startup to tell you\n whether the SUSE secrets feature is enabled or not.\n\n- Disable docker-buildx builds for SLES. It turns out that build containers\n with docker-buildx don\u0027t currently get the SUSE secrets mounts applied,\n meaning that container-suseconnect doesn\u0027t work when building images.\n bsc#1233819\n\n- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from\n sysconfig a long time ago, and apparently this causes issues with systemd in\n some cases.\n\n- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we\n are replacing. See upstream changelog online at\n \u003chttps://github.com/docker/buildx/releases/tag/v0.17.1\u003e\n\n- Mark docker-buildx as required since classic \"docker build\" has been\n deprecated since Docker 23.0. bsc#1230331\n\n- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate\n package, but with docker-stable it will be necessary to maintain the packages\n together and it makes more sense to have them live in the same OBS package.\n bsc#1230333\n\n- Update to Docker 26.1.5-ce. See upstream changelog online at\n \u003chttps://docs.docker.com/engine/release-notes/26.1/#2615\u003e\n bsc#1230294\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-37",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20259-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20259-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520259-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20259-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021059.html"
},
{
"category": "self",
"summary": "SUSE Bug 1217070",
"url": "https://bugzilla.suse.com/1217070"
},
{
"category": "self",
"summary": "SUSE Bug 1223409",
"url": "https://bugzilla.suse.com/1223409"
},
{
"category": "self",
"summary": "SUSE Bug 1228324",
"url": "https://bugzilla.suse.com/1228324"
},
{
"category": "self",
"summary": "SUSE Bug 1228553",
"url": "https://bugzilla.suse.com/1228553"
},
{
"category": "self",
"summary": "SUSE Bug 1229806",
"url": "https://bugzilla.suse.com/1229806"
},
{
"category": "self",
"summary": "SUSE Bug 1230294",
"url": "https://bugzilla.suse.com/1230294"
},
{
"category": "self",
"summary": "SUSE Bug 1230331",
"url": "https://bugzilla.suse.com/1230331"
},
{
"category": "self",
"summary": "SUSE Bug 1230333",
"url": "https://bugzilla.suse.com/1230333"
},
{
"category": "self",
"summary": "SUSE Bug 1231348",
"url": "https://bugzilla.suse.com/1231348"
},
{
"category": "self",
"summary": "SUSE Bug 1232999",
"url": "https://bugzilla.suse.com/1232999"
},
{
"category": "self",
"summary": "SUSE Bug 1233819",
"url": "https://bugzilla.suse.com/1233819"
},
{
"category": "self",
"summary": "SUSE Bug 1234089",
"url": "https://bugzilla.suse.com/1234089"
},
{
"category": "self",
"summary": "SUSE Bug 1237335",
"url": "https://bugzilla.suse.com/1237335"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45142 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-47108 page",
"url": "https://www.suse.com/security/cve/CVE-2023-47108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-29018 page",
"url": "https://www.suse.com/security/cve/CVE-2024-29018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41110/"
}
],
"title": "Security update for docker",
"tracking": {
"current_release_date": "2025-03-31T16:54:17Z",
"generator": {
"date": "2025-03-31T16:54:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20259-1",
"initial_release_date": "2025-03-31T16:54:17Z",
"revision_history": [
{
"date": "2025-03-31T16:54:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-27.5.1_ce-slfo.1.1_1.1.aarch64",
"product": {
"name": "docker-27.5.1_ce-slfo.1.1_1.1.aarch64",
"product_id": "docker-27.5.1_ce-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-27.5.1_ce-slfo.1.1_1.1.ppc64le",
"product": {
"name": "docker-27.5.1_ce-slfo.1.1_1.1.ppc64le",
"product_id": "docker-27.5.1_ce-slfo.1.1_1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-27.5.1_ce-slfo.1.1_1.1.s390x",
"product": {
"name": "docker-27.5.1_ce-slfo.1.1_1.1.s390x",
"product_id": "docker-27.5.1_ce-slfo.1.1_1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-27.5.1_ce-slfo.1.1_1.1.x86_64",
"product": {
"name": "docker-27.5.1_ce-slfo.1.1_1.1.x86_64",
"product_id": "docker-27.5.1_ce-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-27.5.1_ce-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64"
},
"product_reference": "docker-27.5.1_ce-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-27.5.1_ce-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le"
},
"product_reference": "docker-27.5.1_ce-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-27.5.1_ce-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x"
},
"product_reference": "docker-27.5.1_ce-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-27.5.1_ce-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64"
},
"product_reference": "docker-27.5.1_ce-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45142"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45142",
"url": "https://www.suse.com/security/cve/CVE-2023-45142"
},
{
"category": "external",
"summary": "SUSE Bug 1228553 for CVE-2023-45142",
"url": "https://bugzilla.suse.com/1228553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-31T16:54:17Z",
"details": "important"
}
],
"title": "CVE-2023-45142"
},
{
"cve": "CVE-2023-47108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-47108"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-47108",
"url": "https://www.suse.com/security/cve/CVE-2023-47108"
},
{
"category": "external",
"summary": "SUSE Bug 1217070 for CVE-2023-47108",
"url": "https://bugzilla.suse.com/1217070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-31T16:54:17Z",
"details": "important"
}
],
"title": "CVE-2023-47108"
},
{
"cve": "CVE-2024-29018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-29018"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby\u0027s networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well.\n\nWhen containers with networking are created, they are assigned unique network interfaces and IP addresses. The host serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs.\n\nContainers on an internal network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly.\n\nIn addition to configuring the Linux kernel\u0027s various networking features to enable container networking, `dockerd` directly provides some services to container networks. Principal among these is serving as a resolver, enabling service discovery, and resolution of names from an upstream resolver.\n\nWhen a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver. This request is made from the container\u0027s network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself.\n\nAs a consequence of this design, containers solely attached to an internal network will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved.\n\nMany systems run a local forwarding DNS resolver. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host\u0027s configured resolver, as they cannot reach these addresses on the host loopback device. To bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` detects this scenario and instead forward DNS requests from the host namework namespace. The loopback resolver then forwards the requests to its configured upstream resolvers, as expected.\n\nBecause `dockerd` forwards DNS requests to the host loopback device, bypassing the container network namespace\u0027s normal routing semantics entirely, internal networks can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers.\n\nDocker Desktop is not affected, as Docker Desktop always runs an internal resolver on a RFC 1918 address.\n\nMoby releases 26.0.0, 25.0.4, and 23.0.11 are patched to prevent forwarding any DNS requests from internal networks. As a workaround, run containers intended to be solely attached to internal networks with a custom upstream address, which will force all upstream DNS queries to be resolved from the container\u0027s network namespace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-29018",
"url": "https://www.suse.com/security/cve/CVE-2024-29018"
},
{
"category": "external",
"summary": "SUSE Bug 1234089 for CVE-2024-29018",
"url": "https://bugzilla.suse.com/1234089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-31T16:54:17Z",
"details": "moderate"
}
],
"title": "CVE-2024-29018"
},
{
"cve": "CVE-2024-41110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41110"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\n\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41110",
"url": "https://www.suse.com/security/cve/CVE-2024-41110"
},
{
"category": "external",
"summary": "SUSE Bug 1228324 for CVE-2024-41110",
"url": "https://bugzilla.suse.com/1228324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:docker-27.5.1_ce-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-31T16:54:17Z",
"details": "critical"
}
],
"title": "CVE-2024-41110"
}
]
}
WID-SEC-W-2023-3067
Vulnerability from csaf_certbund - Published: 2023-12-05 23:00 - Updated: 2024-11-13 23:00Summary
Red Hat OpenShift: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuführen und um Sicherheitsmechanismen zu umgehen.
Betroffene Betriebssysteme: - Linux
In Red Hat OpenShift besteht eine Schwachstelle aufgrund eines Speicherlecks im "otelhttp handler" von "open-telemetry". Ein Angreifer kann dies für einen Denial-of-Service-Angriff ausnutzen, indem er viele speziell gestaltete Anfragen sendet.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.7
Red Hat / OpenShift
|
Container Platform <4.14.7 | ||
|
Red Hat OpenShift distributed tracing 3
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:distributed_tracing_3
|
distributed tracing 3 |
Es besteht eine Schwachstelle in Red Hat OpenShift, in Bezug auf die "nkeys"-Bibliothek. Ein Implementierungsfehler in der Verschlüsselungslogik von "xkeys" führt zu "all-zeros"-Verschlüsselungsschlüsseln. Ein Angreifer kann dies ausnutzen, um Sicherheitsmechanismen zu umgehen.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.7
Red Hat / OpenShift
|
Container Platform <4.14.7 | ||
|
Red Hat OpenShift distributed tracing 3
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:distributed_tracing_3
|
distributed tracing 3 |
References
19 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und um Sicherheitsmechanismen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-3067 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3067.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-3067 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3067"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7681 vom 2023-12-12",
"url": "https://access.redhat.com/errata/RHSA-2023:7681"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7682 vom 2023-12-12",
"url": "https://access.redhat.com/errata/RHSA-2023:7682"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7198 vom 2024-02-28",
"url": "https://access.redhat.com/errata/RHSA-2023:7198"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7197 vom 2024-02-28",
"url": "https://access.redhat.com/errata/RHSA-2023:7197"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2446 vom 2024-02-06",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2446.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0833 vom 2024-02-21",
"url": "https://access.redhat.com/errata/RHSA-2024:0833"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0641 vom 2024-02-07",
"url": "https://access.redhat.com/errata/RHSA-2024:0641"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0660 vom 2024-02-07",
"url": "https://access.redhat.com/errata/RHSA-2024:0660"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0642 vom 2024-02-07",
"url": "https://access.redhat.com/errata/RHSA-2024:0642"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0204 vom 2024-01-20",
"url": "https://access.redhat.com/errata/RHSA-2024:0204"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7831 vom 2024-01-04",
"url": "https://access.redhat.com/errata/RHSA-2023:7831"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7663 vom 2023-12-06",
"url": "https://access.redhat.com/errata/RHSA-2023:7663"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1859 vom 2024-04-16",
"url": "https://access.redhat.com/errata/RHSA-2024:1859"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2773 vom 2024-05-15",
"url": "https://access.redhat.com/errata/RHSA-2024:2773"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4118 vom 2024-06-26",
"url": "https://access.redhat.com/errata/RHSA-2024:4118"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7921 vom 2024-10-15",
"url": "https://access.redhat.com/errata/RHSA-2024:7921"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8991 vom 2024-11-13",
"url": "https://access.redhat.com/errata/RHSA-2024:8991"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-13T23:00:00.000+00:00",
"generator": {
"date": "2024-11-14T10:22:48.459+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2023-3067",
"initial_release_date": "2023-12-05T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-12-05T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-12-12T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-03T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-21T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-05T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-02-07T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-20T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-27T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-16T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-15T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-25T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-13T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "13"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "distributed tracing 3",
"product": {
"name": "Red Hat OpenShift distributed tracing 3",
"product_id": "T031493",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:distributed_tracing_3"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.7",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.7",
"product_id": "T031849"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.7",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.7",
"product_id": "T031849-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.7"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45142",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift besteht eine Schwachstelle aufgrund eines Speicherlecks im \"otelhttp handler\" von \"open-telemetry\". Ein Angreifer kann dies f\u00fcr einen Denial-of-Service-Angriff ausnutzen, indem er viele speziell gestaltete Anfragen sendet."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T031849",
"T031493"
]
},
"release_date": "2023-12-05T23:00:00.000+00:00",
"title": "CVE-2023-45142"
},
{
"cve": "CVE-2023-46129",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat OpenShift, in Bezug auf die \"nkeys\"-Bibliothek. Ein Implementierungsfehler in der Verschl\u00fcsselungslogik von \"xkeys\" f\u00fchrt zu \"all-zeros\"-Verschl\u00fcsselungsschl\u00fcsseln. Ein Angreifer kann dies ausnutzen, um Sicherheitsmechanismen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T031849",
"T031493"
]
},
"release_date": "2023-12-05T23:00:00.000+00:00",
"title": "CVE-2023-46129"
}
]
}
WID-SEC-W-2024-0641
Vulnerability from csaf_certbund - Published: 2024-03-14 23:00 - Updated: 2025-06-03 22:00Summary
Red Hat Enterprise Linux (Advanced Cluster Management): Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuführen oder Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.15.14
Red Hat / OpenShift
|
Container Platform <4.15.14 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.15.14
Red Hat / OpenShift
|
Container Platform <4.15.14 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.15.14
Red Hat / OpenShift
|
Container Platform <4.15.14 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.15.14
Red Hat / OpenShift
|
Container Platform <4.15.14 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 |
References
22 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0641 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0641.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0641 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0641"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1328 vom 2024-03-14",
"url": "https://access.redhat.com/errata/RHSA-2024:1328"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1255 vom 2024-03-19",
"url": "https://access.redhat.com/errata/RHSA-2024:1255"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1549 vom 2024-03-27",
"url": "https://access.redhat.com/errata/RHSA-2024:1549"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1570 vom 2024-03-28",
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1137-1 vom 2024-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018286.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2865 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2865"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4156 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4156"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4626 vom 2024-07-18",
"url": "https://access.redhat.com/errata/RHSA-2024:4626"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6236 vom 2024-09-04",
"url": "https://access.redhat.com/errata/RHSA-2024:6236"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6013 vom 2024-09-05",
"url": "https://access.redhat.com/errata/RHSA-2024:6013"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6406 vom 2024-09-12",
"url": "https://access.redhat.com/errata/RHSA-2024:6406"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3266-1 vom 2024-09-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019442.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3267-1 vom 2024-09-17",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LVIWDYYN6LLZLFD7GR7LHE73UYRYDPHX/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6811 vom 2024-09-25",
"url": "https://access.redhat.com/errata/RHSA-2024:6811"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3718 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:3718"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-1012 vom 2024-10-14",
"url": "https://advisory.splunk.com//advisories/SVD-2024-1012"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3656-1 vom 2024-10-16",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/EAHKWTRWWAX4Y4SNTAAW5T57YHPEOMQG/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4360-1 vom 2024-12-17",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5QN46RDSEXZFITMIFYI2BFRQ6NL6TXZB/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20278-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021044.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20196-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021144.html"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (Advanced Cluster Management): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-06-03T22:00:00.000+00:00",
"generator": {
"date": "2025-06-04T10:28:43.252+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-0641",
"initial_release_date": "2024-03-14T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-03-14T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-03-18T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-27T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-01T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-08T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-20T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-03T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-03T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-05T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-11T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-16T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-24T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-01T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2024-10-16T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-12-17T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "18"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T014111",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
},
{
"category": "product_version",
"name": "Advanced Cluster Security for Kubernetes 4",
"product": {
"name": "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4",
"product_id": "T033787",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.14",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.14",
"product_id": "T034932"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.14",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.14",
"product_id": "T034932-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.14"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.16.1",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.16.1",
"product_id": "T035804"
}
},
{
"category": "product_version",
"name": "Container Platform 4.16.1",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16.1",
"product_id": "T035804-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.16.1"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.3.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.1",
"product_id": "T038314"
}
},
{
"category": "product_version",
"name": "9.3.1",
"product": {
"name": "Splunk Splunk Enterprise 9.3.1",
"product_id": "T038314-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.3",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.3",
"product_id": "T038315"
}
},
{
"category": "product_version",
"name": "9.2.3",
"product": {
"name": "Splunk Splunk Enterprise 9.2.3",
"product_id": "T038315-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.6",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.6",
"product_id": "T038316"
}
},
{
"category": "product_version",
"name": "9.1.6",
"product": {
"name": "Splunk Splunk Enterprise 9.1.6",
"product_id": "T038316-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.1.6"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45142",
"product_status": {
"known_affected": [
"T033787",
"T034932",
"T002207",
"67646",
"T035804",
"T038314",
"T038315",
"T038316",
"T014111"
]
},
"release_date": "2024-03-14T23:00:00.000+00:00",
"title": "CVE-2023-45142"
},
{
"cve": "CVE-2023-47108",
"product_status": {
"known_affected": [
"T033787",
"T034932",
"T002207",
"67646",
"T035804",
"T038314",
"T038315",
"T038316",
"T014111"
]
},
"release_date": "2024-03-14T23:00:00.000+00:00",
"title": "CVE-2023-47108"
},
{
"cve": "CVE-2024-25620",
"product_status": {
"known_affected": [
"T033787",
"T034932",
"T002207",
"67646",
"T035804",
"T038314",
"T038315",
"T038316",
"T014111"
]
},
"release_date": "2024-03-14T23:00:00.000+00:00",
"title": "CVE-2024-25620"
},
{
"cve": "CVE-2024-26147",
"product_status": {
"known_affected": [
"T033787",
"T034932",
"T002207",
"67646",
"T035804",
"T038314",
"T038315",
"T038316",
"T014111"
]
},
"release_date": "2024-03-14T23:00:00.000+00:00",
"title": "CVE-2024-26147"
}
]
}
WID-SEC-W-2024-0869
Vulnerability from csaf_certbund - Published: 2024-04-16 22:00 - Updated: 2024-11-21 23:00Summary
Oracle Communications: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Windows
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0869 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0869.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0869 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0869"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Communications vom 2024-04-16",
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixCGBU"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1878 vom 2024-04-18",
"url": "https://access.redhat.com/errata/RHSA-2024:1878"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202405-01 vom 2024-05-04",
"url": "https://security.gentoo.org/glsa/202405-01"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7987 vom 2024-10-10",
"url": "https://access.redhat.com/errata/RHSA-2024:7987"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX24-017 vom 2024-11-21",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/11/Xerox-Security-Bulletin-XRX24-017-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
}
],
"source_lang": "en-US",
"title": "Oracle Communications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-21T23:00:00.000+00:00",
"generator": {
"date": "2024-11-22T10:07:06.493+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-0869",
"initial_release_date": "2024-04-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-04-17T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-05T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-10-10T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-21T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von XEROX aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "5",
"product": {
"name": "Oracle Communications 5.0",
"product_id": "T021645",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.0"
}
}
},
{
"category": "product_version",
"name": "22.4.0",
"product": {
"name": "Oracle Communications 22.4.0",
"product_id": "T024981",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:22.4.0"
}
}
},
{
"category": "product_version",
"name": "23.1.0",
"product": {
"name": "Oracle Communications 23.1.0",
"product_id": "T027326",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.1.0"
}
}
},
{
"category": "product_version",
"name": "23.2.0",
"product": {
"name": "Oracle Communications 23.2.0",
"product_id": "T028682",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.2.0"
}
}
},
{
"category": "product_version",
"name": "5.1",
"product": {
"name": "Oracle Communications 5.1",
"product_id": "T028684",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.1"
}
}
},
{
"category": "product_version",
"name": "23.2.2",
"product": {
"name": "Oracle Communications 23.2.2",
"product_id": "T030583",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.2.2"
}
}
},
{
"category": "product_version",
"name": "23.3.0",
"product": {
"name": "Oracle Communications 23.3.0",
"product_id": "T030586",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.3.0"
}
}
},
{
"category": "product_version",
"name": "9.0.0.0",
"product": {
"name": "Oracle Communications 9.0.0.0",
"product_id": "T030589",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.0.0.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=7.2.1.0.0",
"product": {
"name": "Oracle Communications \u003c=7.2.1.0.0",
"product_id": "T030593"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.2.1.0.0",
"product": {
"name": "Oracle Communications \u003c=7.2.1.0.0",
"product_id": "T030593-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.0.2",
"product": {
"name": "Oracle Communications \u003c=9.0.2",
"product_id": "T030595"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.0.2",
"product": {
"name": "Oracle Communications \u003c=9.0.2",
"product_id": "T030595-fixed"
}
},
{
"category": "product_version",
"name": "23.3.1",
"product": {
"name": "Oracle Communications 23.3.1",
"product_id": "T032088",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.3.1"
}
}
},
{
"category": "product_version",
"name": "23.4.0",
"product": {
"name": "Oracle Communications 23.4.0",
"product_id": "T032091",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.0"
}
}
},
{
"category": "product_version",
"name": "23.4.1",
"product": {
"name": "Oracle Communications 23.4.1",
"product_id": "T034143",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.2",
"product": {
"name": "Oracle Communications \u003c=23.4.2",
"product_id": "T034144"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.2",
"product": {
"name": "Oracle Communications \u003c=23.4.2",
"product_id": "T034144-fixed"
}
},
{
"category": "product_version",
"name": "24.1.0",
"product": {
"name": "Oracle Communications 24.1.0",
"product_id": "T034145",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:24.1.0"
}
}
},
{
"category": "product_version",
"name": "5.2",
"product": {
"name": "Oracle Communications 5.2",
"product_id": "T034146",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.2"
}
}
},
{
"category": "product_version",
"name": "24.1.0.0.0",
"product": {
"name": "Oracle Communications 24.1.0.0.0",
"product_id": "T034147",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:24.1.0.0.0"
}
}
},
{
"category": "product_version",
"name": "23.3.2",
"product": {
"name": "Oracle Communications 23.3.2",
"product_id": "T034148",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.3.2"
}
}
},
{
"category": "product_version",
"name": "14.0.0.0.0",
"product": {
"name": "Oracle Communications 14.0.0.0.0",
"product_id": "T034149",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:14.0.0.0.0"
}
}
},
{
"category": "product_version",
"name": "9.1.1.7.0",
"product": {
"name": "Oracle Communications 9.1.1.7.0",
"product_id": "T034150",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.1.1.7.0"
}
}
}
],
"category": "product_name",
"name": "Communications"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v9",
"product": {
"name": "Xerox FreeFlow Print Server v9",
"product_id": "T015632",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40152",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2022-40152"
},
{
"cve": "CVE-2022-40896",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2022-40896"
},
{
"cve": "CVE-2022-45688",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2022-45688"
},
{
"cve": "CVE-2023-2283",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-2283"
},
{
"cve": "CVE-2023-31122",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-31122"
},
{
"cve": "CVE-2023-33201",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-34053",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-34053"
},
{
"cve": "CVE-2023-34055",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-34055"
},
{
"cve": "CVE-2023-4016",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-4016"
},
{
"cve": "CVE-2023-41056",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-41056"
},
{
"cve": "CVE-2023-43496",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-43496"
},
{
"cve": "CVE-2023-44487",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45142",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-45142"
},
{
"cve": "CVE-2023-4641",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-4641"
},
{
"cve": "CVE-2023-46589",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-47100",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-47100"
},
{
"cve": "CVE-2023-4863",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-4863"
},
{
"cve": "CVE-2023-48795",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-49083",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-49083"
},
{
"cve": "CVE-2023-5072",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2023-51074",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-51074"
},
{
"cve": "CVE-2023-51257",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-51257"
},
{
"cve": "CVE-2023-51775",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-51775"
},
{
"cve": "CVE-2023-5341",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-5341"
},
{
"cve": "CVE-2023-5363",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-5363"
},
{
"cve": "CVE-2023-6507",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-6507"
},
{
"cve": "CVE-2024-1635",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-1635"
},
{
"cve": "CVE-2024-21626",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-21626"
},
{
"cve": "CVE-2024-22201",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-22233",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-22233"
},
{
"cve": "CVE-2024-22257",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-22257"
},
{
"cve": "CVE-2024-22259",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-22259"
},
{
"cve": "CVE-2024-25062",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-26130",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-26130"
},
{
"cve": "CVE-2024-26308",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-26308"
}
]
}
WID-SEC-W-2024-1474
Vulnerability from csaf_certbund - Published: 2024-06-27 22:00 - Updated: 2025-08-26 22:00Summary
Red Hat OpenShift Container Platform: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff: Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder Daten zu manipulieren.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
References
66 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1474 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1474.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1474 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1474"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0040 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:0040"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0041 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:0041"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0043 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:0043"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0045 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:0045"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3637 vom 2024-07-01",
"url": "https://access.redhat.com/errata/RHSA-2024:3637"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3617 vom 2024-07-01",
"url": "https://access.redhat.com/errata/RHSA-2024:3617"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1616 vom 2024-07-01",
"url": "https://access.redhat.com/errata/RHSA-2024:1616"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:3968 vom 2024-07-02",
"url": "https://errata.build.resf.org/RLSA-2024:3968"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4150 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4150"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4159 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4159"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-BD8FE42929 vom 2024-07-06",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-bd8fe42929"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4591 vom 2024-07-17",
"url": "https://access.redhat.com/errata/RHSA-2024:4591"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4613 vom 2024-07-25",
"url": "https://access.redhat.com/errata/RHSA-2024:4613"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4699 vom 2024-07-25",
"url": "https://access.redhat.com/errata/RHSA-2024:4699"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4850 vom 2024-07-31",
"url": "https://access.redhat.com/errata/RHSA-2024:4850"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4846 vom 2024-07-31",
"url": "https://access.redhat.com/errata/RHSA-2024:4846"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4960 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:4960"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5094 vom 2024-08-08",
"url": "https://access.redhat.com/errata/RHSA-2024:5094"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5258 vom 2024-08-13",
"url": "https://access.redhat.com/errata/RHSA-2024:5258"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-042 vom 2024-08-13",
"url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-042.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5294 vom 2024-08-14",
"url": "https://access.redhat.com/errata/RHSA-2024:5294"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-5294 vom 2024-08-14",
"url": "https://linux.oracle.com/errata/ELSA-2024-5294.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-5258 vom 2024-08-14",
"url": "https://linux.oracle.com/errata/ELSA-2024-5258.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5200 vom 2024-08-19",
"url": "https://access.redhat.com/errata/RHSA-2024:5200"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5202 vom 2024-08-19",
"url": "https://access.redhat.com/errata/RHSA-2024:5202"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5438 vom 2024-08-21",
"url": "https://access.redhat.com/errata/RHSA-2024:5438"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5951 vom 2024-08-28",
"url": "https://access.redhat.com/errata/RHSA-2024:5951"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6054 vom 2024-08-30",
"url": "https://access.redhat.com/errata/RHSA-2024:6054"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6708 vom 2024-09-16",
"url": "https://access.redhat.com/errata/RHSA-2024:6708"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6755 vom 2024-09-18",
"url": "https://access.redhat.com/errata/RHSA-2024:6755"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6687 vom 2024-09-19",
"url": "https://access.redhat.com/errata/RHSA-2024:6687"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6824 vom 2024-09-24",
"url": "https://access.redhat.com/errata/RHSA-2024:6824"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7164 vom 2024-09-26",
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7179 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7179"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7174 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7174"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7179 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7182"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3718 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:3718"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7436 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7436"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3717 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:3717"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7187 vom 2024-10-03",
"url": "https://access.redhat.com/errata/RHSA-2024:7187"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7184 vom 2024-10-03",
"url": "https://access.redhat.com/errata/RHSA-2024:7184"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7323 vom 2024-10-07",
"url": "https://access.redhat.com/errata/RHSA-2024:7323"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8040 vom 2024-10-14",
"url": "https://access.redhat.com/errata/RHSA-2024:8040"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7922 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:7922"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7939 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:7941"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8260 vom 2024-10-24",
"url": "https://access.redhat.com/errata/RHSA-2024:8260"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8534 vom 2024-10-28",
"url": "https://access.redhat.com/errata/RHSA-2024:8534"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8434 vom 2024-10-29",
"url": "https://access.redhat.com/errata/RHSA-2024:8434"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8425 vom 2024-10-31",
"url": "https://access.redhat.com/errata/RHSA-2024:8425"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8676 vom 2024-10-30",
"url": "https://access.redhat.com/errata/RHSA-2024:8676"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9181 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9181"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9098 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9098"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9097 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9097"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9102 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9102"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9960 vom 2024-11-19",
"url": "https://access.redhat.com/errata/RHSA-2024:9960"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9615 vom 2024-11-20",
"url": "https://access.redhat.com/errata/RHSA-2024:9615"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10147 vom 2024-11-26",
"url": "https://access.redhat.com/errata/RHSA-2024:10147"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8704 vom 2024-12-02",
"url": "https://access.redhat.com/errata/RHSA-2024:8704"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:11293 vom 2024-12-17",
"url": "https://access.redhat.com/errata/RHSA-2024:11293"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6122 vom 2025-02-25",
"url": "https://access.redhat.com/errata/RHSA-2024:6122"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4019 vom 2025-04-23",
"url": "https://access.redhat.com/errata/RHSA-2025:4019"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20013-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021364.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20055-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021310.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:0323-1 vom 2025-08-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TAOZOXVVSHLUMSNGQ4WCSWQAB5DM7EZH/"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift Container Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-26T22:00:00.000+00:00",
"generator": {
"date": "2025-08-27T11:46:37.250+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2024-1474",
"initial_release_date": "2024-06-27T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-06-27T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-30T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2024-07-03T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-07T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-07-17T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-24T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-25T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-30T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-07T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-12T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-13T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-08-14T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-08-18T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-20T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-28T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-29T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-16T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-18T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-24T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-25T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-01T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-03T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-07T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-13T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-16T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-23T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-28T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-29T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-30T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-11T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-18T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-19T23:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-26T23:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-02T23:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-17T23:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-24T23:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-22T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-04T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-26T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "42"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform",
"product": {
"name": "Red Hat Ansible Automation Platform",
"product_id": "T031834",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Advanced Cluster Security for Kubernetes 4",
"product": {
"name": "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4",
"product_id": "T027916",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4"
}
}
},
{
"category": "product_version",
"name": "Advanced Cluster Security for Kubernetes 4",
"product": {
"name": "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4",
"product_id": "T033787",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Secondary Scheduler Operator",
"product": {
"name": "Red Hat OpenShift Secondary Scheduler Operator",
"product_id": "T027759",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:::secondary_scheduler_operator"
}
}
},
{
"category": "product_version",
"name": "Kube Descheduler Operator 5",
"product": {
"name": "Red Hat OpenShift Kube Descheduler Operator 5",
"product_id": "T033270",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:kube_descheduler_operator_5"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.16.0",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.16.0",
"product_id": "T035697"
}
},
{
"category": "product_version",
"name": "Container Platform 4.16.0",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16.0",
"product_id": "T035697-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.16.0"
}
}
},
{
"category": "product_version",
"name": "Run Once Duration Override Operator 1",
"product": {
"name": "Red Hat OpenShift Run Once Duration Override Operator 1",
"product_id": "T035698",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:run_once_duration_override_operator_1"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.16.1",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.16.1",
"product_id": "T035804"
}
},
{
"category": "product_version",
"name": "Container Platform 4.16.1",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16.1",
"product_id": "T035804-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.16.1"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.12.63",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.12.63",
"product_id": "T036942"
}
},
{
"category": "product_version",
"name": "Container Platform 4.12.63",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12.63",
"product_id": "T036942-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.12.63"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.28",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.28",
"product_id": "T036960"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.28",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.28",
"product_id": "T036960-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.28"
}
}
},
{
"category": "product_version_range",
"name": "Virtualization \u003c4.15.5",
"product": {
"name": "Red Hat OpenShift Virtualization \u003c4.15.5",
"product_id": "T037141"
}
},
{
"category": "product_version",
"name": "Virtualization 4.15.5",
"product": {
"name": "Red Hat OpenShift Virtualization 4.15.5",
"product_id": "T037141-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:virtualization__4.15.5"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.38",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.38",
"product_id": "T037940"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.38",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.38",
"product_id": "T037940-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.38"
}
}
},
{
"category": "product_version",
"name": "API for Data Protection 1",
"product": {
"name": "Red Hat OpenShift API for Data Protection 1",
"product_id": "T039224",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:api_for_data_protection_1"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.16.23",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.16.23",
"product_id": "T039272"
}
},
{
"category": "product_version",
"name": "Container Platform 4.16.23",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16.23",
"product_id": "T039272-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.16.23"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.16.24",
"product": {
"name": "Red Hat OpenShift \u003c4.16.24",
"product_id": "T039438"
}
},
{
"category": "product_version",
"name": "4.16.24",
"product": {
"name": "Red Hat OpenShift 4.16.24",
"product_id": "T039438-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.16.24"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.18.10",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.18.10",
"product_id": "T043077"
}
},
{
"category": "product_version",
"name": "Container Platform 4.18.10",
"product": {
"name": "Red Hat OpenShift Container Platform 4.18.10",
"product_id": "T043077-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.18.10"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-25210",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2019-25210"
},
{
"cve": "CVE-2023-29483",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-29483"
},
{
"cve": "CVE-2023-45142",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-45142"
},
{
"cve": "CVE-2023-45289",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-45289"
},
{
"cve": "CVE-2023-45290",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-45290"
},
{
"cve": "CVE-2023-47108",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-47108"
},
{
"cve": "CVE-2023-48795",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-52425",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2024-0874",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-0874"
},
{
"cve": "CVE-2024-1394",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-1394"
},
{
"cve": "CVE-2024-22189",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-22189"
},
{
"cve": "CVE-2024-2398",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-2398"
},
{
"cve": "CVE-2024-24783",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-24783"
},
{
"cve": "CVE-2024-24784",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-24784"
},
{
"cve": "CVE-2024-24785",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-24785"
},
{
"cve": "CVE-2024-24786",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-24786"
},
{
"cve": "CVE-2024-28110",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-28110"
},
{
"cve": "CVE-2024-28176",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-28176"
},
{
"cve": "CVE-2024-28180",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-28180"
},
{
"cve": "CVE-2024-28757",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-28849",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-29180",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-29180"
},
{
"cve": "CVE-2024-3177",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-3177"
},
{
"cve": "CVE-2024-3727",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-3727"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…